The Information Commissioner’s Office has this week published a guide to data protection for small businesses, with a checklist of legal requirements, in a bid to make compliance easier and to warn companies of a scam involving bogus government agencies.
The guide, Getting it Right, aims to give businesses a jargon-free explanation of what they need to know to comply with the Data Protection Act (DPA).
It also warns companies to beware of bogus data protection "agencies" run by fraudsters who demand high fees to register companies under the DPA. The ICO said letters from agencies charging more than £35 for notification are likely to be a scam.
The DPA requires all businesses to follow eight principles, including making sure staff and customer records are stored securely, used for the right reasons, always accurate and kept up to date. Businesses that process personal information also have to "notify" - or register - with the ICO.
But the bogus agencies scam has thrown the notification process into confusion. The ICO was unable to give figures for the number of businesses that had sent in notifications because many had sent theirs to fraudsters. Some of the bogus agencies had forwarded forms to the ICO, while others had not, a spokesperson said.
Assistant information commissioner Jonathan Bamford said, "It is good business practice to comply with data protection. No business wants to keep files that are inaccurate or out of date.
"Small businesses can have a lot of legislation to comply with and we are trying to cut out the jargon. Our simple guide has been designed to help businesses understand and easily follow data protection rules."
Getting it Right is available by calling 0870 600 8100. www.informationcommissioner.gov.uk