How well does your business protect personal information?

Sixty-nine per cent of the UK say they don’t trust businesses to protect their personal information 

New research has found that 69% of the UK don’t trust businesses to keep their personal details confidential.
The findings are the result of a study by online business products and supplies specialist Direct365, which has unveiled a general wariness about companies holding onto sensitive information.
According to the poll, age is a big factor, with older people having a tendency to be more skeptical about businesses’ data security measures. Eighty-two per cent of the over-65s who took part in the poll said they didn’t trust firms with their details.
At the other end of the scale, the 18 to 24-year-old group were the most trusting, with 47% saying that they weren’t worried about companies keeping hold of their information.
Despite this, the research indicated that more than one in three people (37%) don’t even shred their own documents when they are done with them, leaving them wide open to identity theft.
Young people are most guilty of this, with 49% of 18 to 24-year-olds admitting that they don’t dispose of their personal documents properly.
Phil Turner, head of Digital at Direct365, said: “These figures show that most people are still worried about giving their sensitive information to companies.
“It’s down to businesses to demonstrate that they take data protection extremely seriously, and it’s vital that they reassure customers about their security policies and procedures.
“Perhaps the most worrying thing, however, is that so many people – particularly youngsters – don’t even safeguard themselves against potential data theft.
“Around half of the 18 to 24-year-olds that we spoke to freely admitted that they don’t shred documents like credit card statements and bills. This is asking for trouble.”
The numbers do not read well for young adults, as the number of victims of fraud and identity theft continues to rise.
Recent studies by fraud prevention experts Cifas showed that young people are consistently being targeted by criminals, with a 52% rise in victims under the age of 30 between 2010 and 2015.
In light of the recent Brexit decision, there is a great deal of uncertainty surrounding data protection legislation, as it’s unclear how the UK will fare if it is not obliged to adopt Europe’s General Data Protection Regulations. These are supposed to take effect across EU states in May 2018, by which point the UK may have left the union.
Ian Collard, MD of consultancy-led security company Identity Methods, points out that the current Data Protection Act of 1998 was drawn up at a time pre-dating the widespread use of smartphones, social media and online banking. As such, it may no longer be fit for purpose.
Collard said: “17 years ago less than 1% of Europeans used the internet. Today, vast amounts of personal data are transferred and exchanged across continents and around the globe in fractions of seconds.
“Suggesting that we adopt the old Act as our fallback position is akin to using veteran car laws to control modern motorway traffic.”

What should businesses uphold?

When holding your personal data, businesses are bound by the Data Protection Act, 1998.
Whilst the act itself may be close to 10 pages long, it presents eight key points businesses should follow when holding data:
  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up-to-date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.