My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study.

Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident that the company they work for adheres to data protection requirements.

The survey revealed that 60 per cent of UK businesses have a clearly communicated data protection policy, compared to 50 per cent in Germany and 43 per cent in France. Larger companies are more likely to have a data protection policy, Sophos said.

Respondents also highlighted worries they have over the security of personal data for which their organisation is responsible. Concern on this issue is greatest in France, according to the survey, where 86 per cent of respondents expressed concern about personal data security in their organisation compared to 78 per cent and 74 per cent of respondents from the UK and Germany respectively.

Fear of cyber attacks leading to data breaches and concern for the security of corporate data was also greatest in France compared to in the UK and Germany, Sophos said.

According to the survey, more devices used for work purposes are encrypted in the UK than France or Germany. In the UK, 62 per cent of businesses encrypt laptops and 41 per cent encrypt company mobile devices. In France, 36 per cent and 21 per cent of companies encrypt laptops and mobiles respectively. Fewer than a third (32 per cent) of German businesses encrypt work mobiles, although 56 per cent encrypt company laptops, Sophos said.

In the UK, the Information Commissioner's Office (ICO) has repeatedly warned organisations to ensure portable devices are encrypted. The watchdog has previously taken enforcement action against organisations that experienced a breach of personal data as a result of devices being unencrypted.

Sophos said that 64 per cent of office workers surveyed said their employers require staff to input passwords to use work mobile devices.

Compliance issues relating to the use of "shadow IT" were also identified by the survey.

The term "shadow IT" generally refers to the use of applications by employees where those applications have not been approved for use by the IT department or which have not otherwise been obtained in accordance with IT policies.

Sophos said 66 per cent of office workers do not always check whether data held by a business is "safe to share", and 64 per cent of respondents said they were "prepared to use shadow IT and personal cloud services to circumvent their organisations’ IT restrictions and security policies" to share data more easily.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.