Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Most businesses collecting data they never use, survey finds

Ripe for the picking...

Most companies in the UK, France and Germany collect data they never use, according to a new survey.

Data storage providers Pure Storage said a survey of 308 IT decision makers across the three countries in July that it commissioned found that 72% of organisations "have gathered data that was not used later on". The survey asked whether the IT decision makers had ever gathered data such as financial information, HR statistics or customer insights that they have not used.

According to a report detailing the survey results, 22% of respondents admitted that they often collect data that they never end up using, whilst half of those surveyed said it "happens occasionally". Just over a quarter of respondents (26%) said they always use the data they collect.

A lack of internal skills, cost, the time consuming nature of data processing and a lack of "proper data processing tools" were all cited as reasons why organisations do not "fully process" the data at their disposal, Pure Storage's report (11-page / 3.08MB PDF) said.

The survey also highlighted that just 36% of businesses believe everyone in their company has "access to the information they need to make the right decisions". Of the IT decision makers surveyed, 51% said their company had "lost a business opportunity due to the lack of necessary information", with missed opportunities like this occurring at least once a week for 31% of businesses.

In an opinion issued on data protection and the internet of things last year, EU privacy watchdog the Article 29 Working Party warned businesses that collect personal data that is not necessary for the purposes they wish to pursue on the hope that they will find a use for it in future that they could be found in breach of EU data protection laws.

"Some stakeholders consider that the data minimisation principle can limit potential opportunities of the IoT, hence be a barrier for innovation, based on the idea that potential benefits from data processing would come from exploratory analysis aiming to find non-obvious correlations and trends," the watchdog's guidance said. "The Working Party cannot share this analysis and insists that the data minimisation principle plays an essential role in the protection of data protection rights granted by EU law to individuals, so that it should be respected as such."

EU data protection laws require personal data to be processed fairly and lawfully and collected for specified, explicit and legitimate purposes only and not further processed in a way incompatible with those purposes.

Under the laws, data controllers must ensure the personal data they process is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. In addition, they can only store personal data "in a form which permits identification of data subjects" for a period "no longer than is necessary for the purposes for which the data were collected or for which they are further processed".

Those rules read together make up the broad data minimisation principle that organisations responsible for processing personal data must abide by. Similar laws are anticipated under the proposed new General Data Protection Regulation which will replace the existing Data Protection Directive in the EU.

Copyright © 2015, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like