ICO moves to raise data security profile
By Miya Knights,
The Office of the Information Commissioner (ICO) has launched additional Data Protection Act (DPA) guidance designed to address a lack of awareness aboiut the regulation among smaller businesses revealed by survey results today.
Small-to-medium sized businesses (SMBs) have a much lower awareness of the principles of the DPA than larger organisations, according to new research commissioned by the ICO.
Although just over half of 813 SMBs questioned during August and September this year recognised the importance of keeping customers' personal information secure, only 22 per cent were aware of their obligations under the Act to keep customer information accurate and up-to-date.
Speaking at the Privacy and Data Protection conference this week Information Commissioner, Richard Thomas said: "In an age where the risk of identity fraud is increasing these findings are of considerable concern."
The research revealed most businesses (94 per cent) believe the Act is necessary. But Thomas warned SMBs that a lack of awareness of the business implications of the Act would not be sufficient excuse to avoid the consequences of non-compliance.
"The majority of businesses are complying with the Act but my Office will not, and does not, hesitate to take action against the few businesses which are failing to protect their customers' personal information effectively," he said.
In response, new guidance published by the ICO today sets out a framework for organisations that need to share people's personal information. The Framework Code of Practice for Sharing Personal Information explains how organisations can set up their own arrangements to ensure that, where personal information is shared, good practice is adopted. The ICO will endorse organisations' own Codes of Practice subject to the right to audit arrangements being in places.
The framework outlines factors, such as security, accuracy of information and retention periods and is designed to be flexible, enabling organisations to extract relevant content and integrate it into existing policies and systems, as well as to augment training practices.
Iain Bourne, head of data protection projects said: "There are risks to sharing personal information, especially as technology makes it easier to store large amounts of sensitive information about people's private lives. Information must be shared in a secure, lawful and responsible way in order to maintain public trust and confidence.
"I encourage organisations to use the framework to develop their own code of practice to support good information sharing while maintaining public trust and respecting personal privacy."
This framework is one of a series of short Good Practice Notes published by the ICO that are designed to help SMBs understand data protection. It is available for download on the ICO's website.
advertisement
Latest Security Features
Top 10 security predictions for 2009
What will next year hold in the ever-changing world of IT security?
- Top 10 reviews of 2008
- The year in IT news
- Top 10 security stories of 2008
- PCI's Bob Russo: Data loss hurts brand more than a fine
- How to be a successful online fraudster
- What you need to know about ID cards
- Lessons to learn from a year of data breaches
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
Latest Security Reviews
EXCLUSIVE - eSoft ThreatWall 250
Rating: 
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?