One in four UK organisations unaware of DPA obligations

The ICO has published its latest annual tracking survey, putting a positive spin on the fact that 75% of UK organisations are aware of their obligations to keep personal data secure.

While this is 26% up on last year’s figure, it also shows what one in four organisations is not aware of its need to comply with the Data Protection Act, says Ross Brewer, vice president and managing director of international markets at log management firm LogRhythm.

Furthermore, just because organisations are aware of their obligations does not mean they are fulfilling them, he said.

Regardless of what the DPA requires, the high profile breaches that regularly make the headlines should have made it patently obvious that ensuring data security is not optional, ,says Brewer.

“LogRhythm’s own research has found that the public is unlikely to give irresponsible companies a second chance,” he said.

The poll of 2,000 consumers, showed that 26% would never have anything to do with organisations which had lost data as a result of cyber crime and a further 61% stated they would try to avoid interacting with these organisations if possible.

The poll also revealed that 64% of the public is completely unaware of the ICO. Of those that are, only 33% it is doing a good job of ensuring UK organisations keep sensitive data safe.

“Even the ICO’s own research found that only 70% of organisations were aware that it was responsible for enforcing the DPA,” says Brewer.

The information commissioner will need to rectify this situation soon or the ICO may find itself in danger of becoming irrelevant, he said.

At a Trusted Computing Seminar hosted by Wave Systems in London yesterday in association with ISSA-UK, deputy information commissioner David Smith emphasised that the ICO was keen to help organisations meet their data protection commitments.

While the ICO may have increased its efficiency and reduced its backlog, as Smith claims, the privacy watchdog’s own research reveals there is still much to be done in raising awareness of its existence and its role in helping UK organisations comply with the DPA as well as its role of taking actions against those that do not.