Most UK consumers want the government to fine companies who don’t protect personal information.
Some 86% of more than 1,000 UK consumers polled by the Institute of Customer Service (ICS) think the government should review data protection laws, while 77% feel it should do more to protect data from cyber attacks.
The findings of the survey are in line with the recommendations by the Department of Culture, Media and Sport (DCMS) Committee’s inquiry into the October 2015 data breach at TalkTalk, which saw the personal information of 155,000 people compromised.
The committee has published a set of recommendations in its inquiry report for improving data security in the UK, including the introduction of escalating fines for delays in reporting breaches of personal data.
The report also recommends that the government initiates a public awareness-raising campaign about online scams and allocate more resources to the Information Commissioner’s Office (ICO), the UK’s data protection authority.
Although most UK consumers would like to see more government action on data protection, 62% also believe businesses should do more to safeguard personal information, according to the ICS survey, which was included in a written submission to the DCMS committee’s inquiry.
The ICS survey shows only 13% of respondents are confident that their personal information is protected and only 15% trust organisations do everything possible to prevent security breaches.
“Businesses need to accept responsibility, rather than offer excuses, if customer data is exposed in a cyber security breach” said Jo Causon, chief executive of the ICS.
“Almost one in four consumers say nothing can restore their trust after a data breach, so if cyber security attacks continue at the current pace, business performance will suffer as concerned customers swap loyalty for personal data safety,” she said.
The ICS survey shows that 22% of respondents no longer trust companies that have suffered a breach, while 28% said they avoid organisations that have suffered a breach. In the event of a breach, 41% seek immediate notification, 23% want compensation and 10% look for an apology.
To reassure customers, the ICS outlines a series of actions businesses can take in its response to the DCMS Committee inquiry.
These include ensuring staff have the appropriate skills to communicate how data is protected and what is happening in the event of a cyber-attack; setting out the approach taken to protect customers’ data so consumers are fully informed and able to make a decision about what to share; and following a consistent set of standards across an organisation so that customer data is continuously protected no matter where it is held or analysed.