A fifth of SMEs are breaching the Data Protection Act

According to research released today from BSI, 18% of 500 small and medium-sized employers surveyed were unsure if they had breached the Data Protection Act or not.

A breach could refer to an illegal transfer of information to a third party, failure to hold information securely or neglect of other legal operations. According to the research, 65% of businesses do not provide data protection training for their staff, 15% are not sure if their data protection practices conform to the Data Protection Act and 5% frequently share data regardless.

Almost one in five businesses (18%) claim data protection has become less of a priority for them during the recession.

Mike Low, director of standards at BSI, said: "The five million small and medium-sized businesses in the UK form the backbone of the British economy. These organisations are handling vast amounts of personal information on a daily basis and, while it is encouraging that some already have appropriate data protection measures in place, this survey shows there is still a long way to go."

BSI today launches a new British Standard BS10012, which is a standard for personal information. It provides a framework for organisations on the effective management of personal information.

Gordon Wanless, chairman of the Data Protection Forum, said: "The BSI survey backs up what we have known for some time - many organisations find the legislation in this area complex.

"The standard can help organisations put in place measures that will lead to compliance and demonstrate they are handling personal information responsibly."