People don't trust businesses with personal data (but hand it over anyway)

People don't trust businesses with personal data (but hand it over anyway)

One in four consumers don't trust any company to secure their personal information online. That's according to a survey of 1,000 UK consumers conducted by information security and risk management firm Integralis.

Although a quarter of all respondents said they don't trust any organisation to take care of their personal data online, there is some relatively good news in one sector: nearly 65% of people said they do trust banks with this information.

However, businesses operating in other fields need to do more to win the trust of their customers. Only 36% of people trust online retailers with their personal data, 24% trust supermarkets and just 22% trust online payment systems like PayPal.

No trust, no problem

But despite this general lack of confidence, people still use these services in droves. For instance, over half of people surveyed said they do grocery shopping online at least once a week. While people might not trust online retailers with their data, they're still willing to share it.

"Online shopping is unbelievably popular, even though people don't necessarily trust it," confirms Mick Ebsworth, information security consulting practice director at Integralis. "People are worried about the types of information these site sask for."

"Far too often, consumers are prepared to supply core personal details - like mother's maiden name or date of birth - to organisations that don't need that information."

This can put consumers at increased risk of ID theft, should that information fall into the hands of online criminals.

"People need to always think about the information they provide," explains Ebsworth. "Does an organisation need it? Your bank might not be attacked, but your account at another site with lower security might be. So why use the same passwords?"

Don't ask if you don't need it

Although consumers might be making mistakes by supplying personal information to firms that don't need it, the buck really stops with the organisations requesting it. If they want potential customers to trust them more, they need to be more circumspect about requesting information.

Ebsworth has some advice for online businesses: "Firstly, you need to put in place the technical controls to keep personal information secure. You need the right level of encryption and good levels of data storage. Think about who has access to that information - in your organisation, with third parties, and online."

"Secondly, only request information that you really need. Recognise that the consumer has a role to play here, but that you can help them."

Finally, he has a sober reminder for firms that might still be unconcerned about how they handle this data. "Everybody who collects personal information has a duty to take care of it. Although there's nothing in the law to say how you should deal with a data breach, the Information Commissioner's Office can levy big fines if they believe you haven't adhered to good practice."

Does your business need all the information it collects from customers? Do they trust you to take care of it?

• Your data protection obligations
• Don't panic, but 23% of your staff are stealing from you
• Perform an IT security risk assessment