Workplaces lax on Data Protection
Security–lax employers are leaving staff exposed to identity fraud by failing to protect their personal data at work, according to marketing firm CPP.
A CPP survey of more than 1,000 UK employees found that 60% have been put at risk of fraud because of their employer’s poor data security policies.
The research revealed that despite recent high–profile data losses by business and government, employers are still failing to shred sensitive documents and personal information, with some even placing this data on websites.
CPP identity fraud expert Danny Harrison said the results were surprising, given that employers have a legal responsibility to protect their staff under the Data Protection Act.
“Businesses could be at risk of hefty fines if they don’t comply, and of course there is the much bigger risk of harming their corporate reputation among staff and customers should the worst happen,” said Harrison.
“It’s a growing problem and employers must be alert to the risks,” he added. “Figures show that 85% of businesses have had at least one serious incident of data loss in the past twelve months.”
“Firms should make sure that staff clearly understand security procedures, such as not giving out personal details or leaving sensitive documents open on computer screens,”.
The survey also highlighted that a quarter of employers confessed to taking personal information out of the office, while 19% admitted to leaving employees’ personal information lying on their desks.
The Information Commissioner’s Office, which enforces the Data Protection Act, said it was worrying that businesses were still failing to take data protection responsibilities seriously. An ICO spokesman said:
“Action will be taken against organisations that breach data protection rules,”
“Recent security breaches have highlighted the importance of safeguarding personal information and the risks if information is not handled properly,” he added. “The Data Protection Act is very clear — organisations must take the necessary steps to ensure information is secure at all times.”
For more information on employers’ data protection obligations visit the Information Commissioner’s Office website.