Although nearly half (48 per cent) of the 401 private companies surveyed knew they had to keep personal information secure, this is down from 64 per cent in 2007.
When asked about the other obligations they are subject to under the Data Protection Directive, commercial organisations appear to have turned their back on or forgotten the rules. Processing information for limited purposes gained the second-highest level of awareness at just 12 per cent, down from 31 per cent four years ago.
Keeping data accurate and up-to-date was mentioned unprompted by only 11 per cent, compared to 40 per cent in 2007. The other five principles of the Directive were recalled by 8 per cent or less of the sample.
Commenting on the findings, Information Commissioner Christopher Graham said: “A strong awareness of data protection obligations is of fundamental importance to any organisation. Businesses need to show they are taking data protection seriously. Failing to do so could not only lead to enforcement action, it could also do significant damage to their reputation.”
He added: “There is a link between satisfied customers and good handling of personal information. Our research shows that almost all of the individuals surveyed are concerned about the collection and secure storage of their personal information. Ignoring data protection obligations is ignoring a key customer concern.”