Most UK consumers worried about how personal data is shared

A survey by the ICO shows 85% of UK consumers are concerned about how their personal details are passed on or sold to other organisations

A survey by the Information Commissioner’s Office (ICO) shows that 85% of UK consumers are concerned about how their personal details are passed on or sold to other organisations.

The survey reports that 77% of UK consumers are concerned about organisations not keeping their personal details secure.

Information commissioner Christopher Graham said companies must do more to inform consumers about the way their information is being shared.
“Providing people with enough information to understand how their details will be used is a basic principle of data protection,” he said.

Graham said that although the vast majority of companies are meeting the requirements of data protection law, the survey shows that people remain concerned about how their information is being shared.

“This situation is not good for consumers, or for businesses,” he said.

The survey also shows that 75% of respondents think it is important that private companies acting on behalf of public authorities should be subject to the Freedom of Information Act, and 79% think it is important that the regulator is independent of government.

Read more about proposed European data protection laws

  • More than half of European companies do not know about legislation planned to unify data protection laws.
  • Only half of UK IT decision-makers are aware of the coming EU Data Protection Regulation, compared with 87% in Germany.
  • The vast majority of cloud providers are not yet prepared to meet the requirements of the new EU General Data Protection Regulation.

“The ICO has to find the right balance of the public interest – between openness to the outside and necessary frankness inside organisations,” said Graham.

“These decisions are not straightforward and are sometimes controversial, but as guardians of the public interest, we are properly accountable to Parliament and the courts.”

Graham said that although the UK will have a new data protection framework in the next three years, there are still basic things that organisations can do today to comply with current legislation and prepare for the future regulatory landscape. 
“Businesses should take the results of our survey as a prompt to address consumers’ concerns and provide clearer information to explain when people’s details will be shared and with whom,” he said.

“Getting these basics right today will not only improve consumer trust, but also help a business along the road to future compliance.”
Graham’s comments coincide with the publication of the ICO’s latest corporate plan, which sets out the data protection watchdog’s priorities for the next three years.

Its priorities include:

  • Preparing for a period of substantial change with the implementation of a new EU data protection framework and the outcome of the Ministry of Justice’s Triennial Review.
  • Developing and promoting an ICO privacy seal scheme to demonstrate a commitment to good data protection practices.
  • Engaging with transparency and Open Data initiatives to ensure a balanced information rights perspective. 

Last week, deputy information commissioner David Smith told a Westminster eForum that while new data protection legislation is being formulated in Brussels, data protection and privacy will continue to be important and UK firms can expect more from the ICO on data-sharing.

He hit out at critics who have suggested the ICO imposes monetary penalties for breaches of data protection laws only on public-sector organisations.

“The last five monetary penalties issued by the ICO have involved private-sector companies, which proves that we go after any organisation that breaks the rules,” he said.

Smith said UK organisations can reduce the risk of monetary penalties by ensuring they are patching their software systems and putting proper protections around personal data.

Read more on Privacy and data protection