UK firms fall foul of data laws

Most UK companies are in danger of breaching the data protection laws, according to recent research findings.

A survey conducted by security provider Security Dynamics found that there is an alarming lack of understanding among UK companies of the implications of the Data Protection Act, which came in to force last month.

The survey, which questioned senior marketing executives in 100 medium to large UK companies, found 85 per cent were unaware that the 1984 act was due to change at all.

The Data Protection Act extends the principles of the original law, which applied mainly to consumers, to companies with business customers.

All organisations now have a duty of care towards the personal information they hold and must take adequate security measures to ensure the integrity and security of this data. This includes any contact with names and other personal details - sales contact lists, personnel files, customer databases, email addresses and supplier details.

The survey showed that personal data is widely used in marketing activities, with 68 per cent of companies undertaking volume direct mail campaigns and 32 per cent renting out lists for marketing. Few of the companies questioned had any control over who accessed their corporate databases internally and 22 per cent said they allowed external suppliers and agents access to their databases.

General manager of Security Dynamics Graham Welch, said: 'Companies without adequate protection are exposing themselves to serious breaches of the act, which has more powerful and wide ranging penalties than its predecessor.

IT security must adequately protect data both inside and outside of the company.'