ICO: Only 20% of UK citizens trust companies with their data

Graphic showing a digital padlock overlaid above information that has been encrypted

Only one-fifth of UK citizens trust companies to securely store their personal information, according to a survey published yesterday by the Information Commissioner's Office (ICO).

The report, which was conducted by ComRes on behalf of the ICO, also found that only 10% of UK adults have a good understanding of how their personal data is used once it has been collected.

"As personal information becomes the currency by which society does business, organisations need to start making people's data protection rights a priority," said Steve Wood, deputy commissioner of the ICO. "Putting data protection at the centre of digital businesses strategies is the key to improving trust and digital growth."

The results come after a year of high profile data breaches. The breach on Yahoo's systems, initially reported in September 2016, is now thought to have affected all three billion of its accounts, considered to be the largest breach in industry history.

The year since has been filled with a spate of hacks on corporate systems, including electronics company CEX, AA, TalkTalk, Debenhams Flowers, and most recently, Equifax, which is thought to have affected at least 700,000 UK customers, alongside millions of US citizens.

The ICO pointed out that under the EU's forthcoming General Data Protection Regulation (GDPR), businesses will have an obligation to ensure the data they hold is not only secure, but is made more transparent to give customers a clear understanding about how it's used.

"By now organisations should be aware of the changes to data protection law next May," said Wood. "It's no longer acceptable to see the law as a box-ticking exercise. Organisations will need to be accountable, to their customers and to the regulator.

Of the 2,153 British citizens interviewed by the ICO, the majority were found to have more trust in public bodies to hold their personal data than private organisations. Just over 60% said they had confidence in the NHS or their local GP when it came to handling their data, while 53% said the same of the police. However, only 49% said they trusted the government and its various departments or organisations.

This is despite the increasing number of cyber attacks targeting the UK's public bodies over the past year, largely facilitated by outdated IT systems. A report by the National Audit Office last month said that the WannaCry attack on the NHS could have been prevented if it had deployed "basic IT security", such as upgrading machines running the outdated Windows XP operating system.

The UK also suffered a hack in June which led to the breach of 90 email accounts belonging to MPs, while in August the Scottish parliament described being hit by an almost identical "brute force" cyber attack that attempted to breach its systems.

"These are sobering facts that should act as a wake-up call to businesses," said Fraiser Kyne, CTO of Bromium. "The fact is our online economy relies on trust, which is a fragile thing. This lack of trust could result in people turning away from online services in the future, which could have a serious business impact.

"The only way we can start to rebuild trust is to stop these attacks from happening, and that is never going to happen if we just carry on doing the same thing we always have."

The ICO's Wood hopes to see improvements in these figures, saying: "It's time for organisations to start building the UK public's trust and confidence in how data is used and made available".

Picture: Bigstock

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.