ICO Press Release – Big Businesses Lagging Behind Public Sector on Data Protection Awareness

In a recent press release, the Information Commissioners Office (ICO) has reported that new figures (based on research undertaken by SMSR) show that information rights remain a high social concern among members of the general public. " More than 90% of individuals ranked ‘protecting personal information’ as a socially important issue. Only ‘preventing crime’ ranked higher at 93%." The majority of individuals surveyed knew that they had a right to see information that organisations held on them and that they had a right to request the information under the Freedom of Information Act.
The report states that large private sector companies are lagging behind the public sector in their knowledge of data protection. Just under half of the private sector firms said that they should store personal information securely and, although awareness of five of the eight data protection principles had increased in the last year, levels of awareness are still higher in the public sector.
Is this in part due to the Government having made Privacy Impact Assessments mandatory for all new and developing public sector IT projects? Or is it that, through past experiences and data breaches, government departments are now more aware of their accountability and, in addition to implementing technical solutions, are actively promoting
education and training on privacy and data protection? Either way, they appear to be on the right track and it is now up to the private sector to follow suit.
Information Commissioner, Christopher Graham, said:
"A strong awareness of data protection obligations is of fundamental importance to any organisation. Businesses need to show they are taking data protection seriously. Failing to do so could not only lead to enforcement action, it could also do significant damage to their reputation."
"There is a link between satisfied customers and good handling of personal information. Our research shows that almost all of the individuals surveyed are concerned about the collection and secure storage of their personal information. Ignoring data protection obligations is ignoring a key customer concern."
In earlier news articles we have discussed the issues surrounding Privacy & Data Protection and the implications for both the public and private sectors. Our paper detailing the requirements and implementation of Privacy Impact Assessments concludes that, whilst a PIA is mandatory only for Govt. Departments and agencies, it is an exercise that should also be carried out by private sector organisations to ensure compliance with the DPA and other legislation. Conducting a PIA will effectively communicate privacy risks associated with the development of systems to handle and distribute personal data that have not necessarily been addressed through other departmental mechanisms. The PIA will thus contribute to
senior management’s ability to make fully informed policy, system design and procurement decisions. Such an exercise will prove your company’s commitment towards data protection and understanding the general public’s privacy concerns.
With regard to PIAs specifically, Regency ITC consultants have extensive experience and knowledge of completing the whole process from assessment and development through to production and delivery of both full and small-scale PIAs. For further information or advice on this subject call 01242 225699 to discuss your requirements and find out what Regency ITC can do to help.