Researchers from the firm telephoned a random selection of 50 of
the FTSE 100 companies, asking to be put through to the person
responsible for data protection within the company – the Privacy
Officer.
The researchers then analysed whether the switchboard operators
understood what they were being asked – which they should have done
if they had been properly briefed – and whether there actually was
a Privacy Officer within the company.
Seventy-two percent of switchboards did not understand the
question, says Marketing Improvement, and 26% responded immediately
with a “No idea”. But with only one exception, all switchboards
took time and trouble to find a solution.
Twelve-percent of calls were transferred to the IT department,
6% were sent to the customer service department and 6% to the legal
department.
In 10% of cases, researchers were transferred to more than one
department, and in one case it took four departments and 15 minutes
before the researcher was eventually given an address to contact,
rather than a person to speak to.
In only 34% of cases did researchers discover that there was
actually a Privacy Officer – in some cases only being directed to
the appropriate person after being wrongly transferred to a helpful
third party. Sixty-six percent of the companies surveyed did not
have a Privacy Officer.
Marketing Improvement blames this incompetent manner of dealing
with such queries on a lack of enforcement on the part of the
Information Commissioner.
“This lack of rigour causes an assessment of low compliance with
or knowledge of Data Protection legislation as a medium business
risk,” says the report.
It recommends that firms appoint a Chief Privacy Officer,
establish the touch points between the firm and customers and
ensure that they are properly briefed, and ensure that a clear
privacy policy is on the company website, along with contact
details.
