1 There is a high level of awareness of data protection and the Data Protection Act.
2 There is broad acceptance of the values and principles of data protection, although opinions appear divided as to the benefits of compliance.
3 Awareness and acceptance of principles in broad terms does not necessarily translate into
specific knowledge of registration/notification.
4 The compliance or ‘red tape’ burden associated with government regulation does not appear to be a major issue for the Data Protection Act for most of the business, although there is a small ‘vocal minority’ who consider this an issue.
5 Two key terms registered most strongly with the businesses (1) Security of Data and Information, and (2) Confidentiality. Privacy also figured as a significant term, but not to the same extent.
6 Effective practice in data protection was closely associated with wider information management and data control within the business – those enterprises that deployed information for business benefit tended to be actively supportive of data protection principles and found it easy to comply with the Act.
7 Individual and shared attitudes towards data protection and information are key influences on business approaches to this issue, and so constitute a primary influence on compliance and engagement with the Act and the ICO.
8 Different approaches to data protection and information can be identified, and used to identify distinctive segments – each with different requirements and approaches.
9 There was some indication that respondents were considering effective practice in information and data management and handling, with data protection being seen as a ‘sub-set’ of these considerations. Good practice in data protection, in other words, appears to be part of and to stem from wider approaches to information.
10 Although the Act itself had a high profile, the ICO was less well known and some businesses thought that it would be useful for the ICO to engage more with SMEs
Full Report
Source: http://www.ico.gov.uk
