Ofgem has labelled findings which revealed 58 per cent of utilities companies failed to wipe the memory of redundant IT equipment before disposal as “concerning”.
In the two months following the introduction of General Data Protection Regulation (GDPR) 58 per cent risked financial penalties by failing to ensure old equipment had its memory cleared, the study by IT company Probrand found.
The research also revealed that 92 per cent of workers in the sector admitted they would not know who to approach within their company to correctly dispose of old or unusable equipment.
In response to the research an Ofgem spokesperson said: “This is concerning and we expect energy companies to take steps to ensure their data and systems are properly protected, which includes ensuring that devices are wiped before disposal.”
A total of 1,002 UK workers in full or part-time employment were surveyed by Probrand.
The utilities sector placed fourth out of ten in a list of industries shown not to clear the memory of IT equipment before its disposal. It followed transportation (72 per cent), sales and marketing (62 per cent) and manufacturing (59 per cent).
Matt Royle, marketing director at Probrand, said: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance.
“This is especially startling to see from businesses within the utilities sector, where sensitive customer information including address details and card numbers are handled all the time.
“The fines involved in a GDPR breach can potentially run into the millions – and what appear to be less-tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.
“Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.”
Despite many negative headlines around GDPR, research by Echo Managed Services suggest that more than a quarter of UK consumers would be happy for service providers such as utilities to share their personal data with other suppliers or third parties.
A study of 1,000 UK residents found 27 per cent would be happy for their information to be shared if it was used to help them better manage their bills or provide a more tailored support if they fell behind on payments.
However, one in five (20 per cent) of people would not agree to data sharing while 29 per cent stated that they would worry about the security of their data if it was shared in this way.
Monica Mackintosh, customer services director at Echo Managed Services, said: “It’s important not to assume that customers would automatically be happy to share their data – even if it would help them in the long-run.
“Trust plays an important role here, and recent high-profile data leaks are likely to have undermined consumer confidence in the ways their personal data is handed.”