The public sector has greater awareness of data protection than large private businesses, a survey from the Information Commissioner’s Office (ICO) has revealed.
This is despite the ICO previously revealing that the NHS is the worst culprit for data breaches.
In the ICO's survey, while 60 percent of public sector organisations said they were aware that they should store personal information securely, only 48 percent of businesses in the private sector said the same.
Furthermore, while 40 percent of public sector organisations knew that they had an obligation to keep personal information for no longer than is necessary, just eight percent of private businesses were aware of the requirement.
The ICO said that although overall awareness of five of the eight data protection principles increased between 2009 and 2010, levels of awareness continued to be higher in the public sector than in the private sector, where small to medium businesses in particular were less aware.
The survey, which was carried out by researchers SMSR for the ICO, questioned 401 private sector companies and 400 public sector organisations. SMSR also surveyed 1,226 members of the public for their views on data protection.
The lack of data protection awareness exists among businesses despite 92 percent of individuals citing ‘protecting personal information’ as a socially important issue, second only to ‘preventing crime’ at 93 percent.
Members of the public are also more aware that they have a right to see the information that an organisation holds about them: 89 percent now know of this right, an increase of 15 percent from 74 percent since 2004.
Information Commissioner Christopher Graham said: “A strong awareness of data protection obligations is of fundamental importance to any organisation. Businesses need to show they are taking data protection seriously. Failing to do so could not only lead to enforcement action, it could also do significant damage to their reputation.
“Our research shows that almost all of the individuals surveyed are concerned about the collection and secure storage of their personal information. Ignoring data protection obligations is ignoring a key customer concern.”
The ICO has the power to issue fines of up to £500,000 in the case of a serious data breach, but has not yet exercised this power.