ICO urges better transparency as trust in companies processing data rises slightly

In its annual review on the state of data protection awareness and trust, the ICO’s Annual Track highlights a small increase in trust of companies and organisations processing their data. The research highlights that 34% of people have high trust and confidence, compared to 21% in 2017. However, people seem to be more likely to trust public bodies than private businesses with their data (which is slightly contrary to Edelman Trust Barometer findings (although not specifically looking at data processing)).

The full report can be read on the ICO’s website along with a summary here. The key highlights in the report are:

  • 34% of people have high trust and confidence in companies and organisations storing and using their personal data, up from 21% in 2017.
  • 78% felt that if an organisation was affected by a data breach and their information was lost or stolen, the company holding the data should be held responsible, with risk of data being stolen, high on their list of concerns
  • 51% of people are worried about how technology is being used to make decisions based on their data (automated decision making as it’s referred to in the GDPR)
  • An increase from 10% to 18% of adults feel they have a good understanding of how their personal data is used and made available by companies and organisations in the UK, however the ICO say that whilst a large majority of the public are aware of GDPR, there is still more work to be done to reach the same level of awareness as the previous 1998 Act

The research was carried out in July this year, so well and truly past the GDPR-deadline, so maybe an indication that awareness of GDPR (probably driven by the “we need your consent” email barrage in May) may be instilling some confidence in “data subjects”, however, the ICO is right to highlight the need for openness and transparency about data processing. After all, the first data protection principle states that processing must be, as well as lawful, fair and transparent; plus the GDPR introduced the new data subject, right to be informed – it should not be a surprise to anyone about how their data is being processed.

So, why is trust and confidence so low. It might just be a feeling, but there is a sense of a considerable increase in data related incidents in 2018. Possibly fuelled by media coverage of the GDPR, but nonetheless there have been some considerable data breaches reported (viz British Airways this week, Dixons Carphone, etc.) this year as well of course the Facebook/Cambridge Analytica scandal and data being used to influence politics. So, what with all these incidents, general awareness campaigns about GDPR, everyone talking about GDPR and bombarding their customers with GDPR consent it’s no wonder awareness in the general public is high, but trust is low.

If you’re a business, what can you do? Simply put, make sure you have your compliance in place: audit your data and processes and identify any unnecessary processing or retention or security risks, train your staff, implement and enforce policies, but most of all – keep it up.