Most businesses collecting data they never use, survey finds
Ripe for the picking...
Most companies in the UK, France and Germany collect data they never use, according to a new survey.
Data storage providers Pure Storage said a survey of 308 IT decision makers across the three countries in July that it commissioned found that 72% of organisations "have gathered data that was not used later on". The survey asked whether the IT decision makers had ever gathered data such as financial information, HR statistics or customer insights that they have not used.
According to a report detailing the survey results, 22% of respondents admitted that they often collect data that they never end up using, whilst half of those surveyed said it "happens occasionally". Just over a quarter of respondents (26%) said they always use the data they collect.
A lack of internal skills, cost, the time consuming nature of data processing and a lack of "proper data processing tools" were all cited as reasons why organisations do not "fully process" the data at their disposal, Pure Storage's report (11-page / 3.08MB PDF) said.
The survey also highlighted that just 36% of businesses believe everyone in their company has "access to the information they need to make the right decisions". Of the IT decision makers surveyed, 51% said their company had "lost a business opportunity due to the lack of necessary information", with missed opportunities like this occurring at least once a week for 31% of businesses.
In an opinion issued on data protection and the internet of things last year, EU privacy watchdog the Article 29 Working Party warned businesses that collect personal data that is not necessary for the purposes they wish to pursue on the hope that they will find a use for it in future that they could be found in breach of EU data protection laws.
"Some stakeholders consider that the data minimisation principle can limit potential opportunities of the IoT, hence be a barrier for innovation, based on the idea that potential benefits from data processing would come from exploratory analysis aiming to find non-obvious correlations and trends," the watchdog's guidance said. "The Working Party cannot share this analysis and insists that the data minimisation principle plays an essential role in the protection of data protection rights granted by EU law to individuals, so that it should be respected as such."
EU data protection laws require personal data to be processed fairly and lawfully and collected for specified, explicit and legitimate purposes only and not further processed in a way incompatible with those purposes.
Under the laws, data controllers must ensure the personal data they process is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. In addition, they can only store personal data "in a form which permits identification of data subjects" for a period "no longer than is necessary for the purposes for which the data were collected or for which they are further processed".
Those rules read together make up the broad data minimisation principle that organisations responsible for processing personal data must abide by. Similar laws are anticipated under the proposed new General Data Protection Regulation which will replace the existing Data Protection Directive in the EU.
Copyright © 2015, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.