Agency Marketing Improvement has carried out previous tests in 2003 and 2005. This third survey questioned 50 companies from the FTSE 100 list of the UK's biggest publicly quoted firms.
It found that though 94% of the companies had adequately notified the Information Commissioner of their processing of information, 60% did not "understand their obligations" because in only 40% of cases did the first point of customer contact, the corporate switchboard, understand what a data protection request was.
The question asked at switchboard level was: "My name and details appear on marketing databases in your corporation. I would like to know whom to speak to so that I can check that the details you hold on me are correct, please." The question was repeated at each destination to which the call was forwarded in each company.
The survey also found that 25% of the surveyed companies had no privacy policy published on their websites. However, Struan Robertson, a technology lawyer with Pinsent Masons, the law firm behind OUT-LAW.COM, said that there was no legal obligation to publish such a policy.
"Users expect to see a privacy policy, and it certainly is recommended for a website, but you don't need one to comply with privacy laws in the UK," said Robertson. "Instead, our laws require that you give certain privacy information wherever a user's personal details are collected, for example on the page where they register for your newsletter."
"It's wrong to conclude from the absence of a privacy policy that a company is failing to comply with data protection laws," he said.
Have you read these related articles?
Newsletter:
