The private sector is leading the way on data protection compliance while the public sector continues to struggle, according to the Information Commissioner’s Office (ICO), which has published a series of reports.
The ICO said "concerns remain" about data protection compliance within the local government sector and the NHS.
The findings are included in four reports which summarise the outcomes of over 60 ICO audits carried out in the private, NHS, local and central government sectors.
Louise Byers, head of good practice at the ICO, said, “We have been providing free audits to help organisations look after the personal information they collect and publishing the results for two years now.
"During this time we have seen some innovative and well thought out approaches to keeping people’s personal information secure and complying with the Data Protection Act."
Each report provides a summary of the level of assurance the organisations in each sector have provided during their audit, along with relevant examples of good practice and existing areas for improvement.
The audits were all carried out between February 2010 and July 2012. Within the private sector, 11 out of the 16 companies audited had policies and procedures in place to comply with the Act.
This included having robust security measures in place and providing thorough training for their staff, said the ICO.
On the private sector, Byers said, "Private sector organisations we have audited so far should be commended for their positive approach to looking after people’s data. However this does not mean that businesses in the UK should rest on their laurels."
Byers said "relatively few companies" agree to an ICO audit, and that further improvements could be made in the sector when it comes to the retention and deletion of data.
In the health service, only one of the 15 organisations audited provided a high level of assurance to the ICO, and the local government sector showed a similar trend, with only one out of 19 organisations achieving the highest mark. Central government departments fared little better, with two out of 11 organisations achieving the highest level of assurance.
Byers said NHS and central government departments that were audited had generally good information governance and training practices in place, but that they needed to do more to keep people’s data secure. Local government authorities also needed to improve how they recorded where personal information was held and who had access to it.
Byers said the results demonstrated why the ICO had requested an extension to its compulsory audit powers to cover the NHS and local government sectors.
Last month the ICO fined Scottish Borders Council £250,000 under the Data Protection Act for failing to put appropriate guarantees in place when it outsourced the digitisation of employees’ pension records to an external company.
Some 676 records, containing information on employee salaries and bank accounts, were deposited by the unnamed company into a recycle bin in a supermarket car park. The files were spotted by a member of the public, who then called the police.