Small businesses have a much lower awareness of the principles of the Data Protection Act than larger organisations, according to new research commissioned by the Information Commissioner's Office.
Just over half of small businesses recognise the importance of keeping customers' personal information secure.
But only 22 per cent are aware that the Data Protection Act requires them to keep customer information accurate and up to date.
Information Commissioner Richard Thomas told the Privacy and Data Protection conference today: "In an age when the risk of identity fraud is increasing, these findings are of considerable concern.
"Individuals are regularly urged to protect their personal information, but businesses large and small also have a responsibility to ensure that customer information is secure and accurate. Businesses must take this responsibility seriously.
"The majority of businesses are complying with the Act but my Office will not hesitate to take action against the few businesses which are failing to protect personal information effectively."
This guidance is part of a series of short Good Practice Notes published by The Information Commissioner's Office.
