ICO: Only 20% of UK citizens trust companies with their data
British public still trusts most public bodies despite year of data breaches

Only one-fifth of UK citizens trust companies to securely store their personal information, according to a survey published yesterday by the Information Commissioner's Office (ICO).
The report, which was conducted by ComRes on behalf of the ICO, also found that only 10% of UK adults have a good understanding of how their personal data is used once it has been collected.
"As personal information becomes the currency by which society does business, organisations need to start making people's data protection rights a priority," said Steve Wood, deputy commissioner of the ICO. "Putting data protection at the centre of digital businesses strategies is the key to improving trust and digital growth."
NHS ransomware: UK government says it's North Korea's fault WannaCry happened Equifax data breach: Ex-CIO to serve four months in prison for insider trading General Data Protection Regulation (GDPR)
The results come after a year of high profile data breaches. The breach on Yahoo's systems, initially reported in September 2016, is now thought to have affected all three billion of its accounts, considered to be the largest breach in industry history.
The year since has been filled with a spate of hacks on corporate systems, including electronics company CEX, AA, TalkTalk, Debenhams Flowers, and most recently, Equifax, which is thought to have affected at least 700,000 UK customers, alongside millions of US citizens.
The ICO pointed out that under the EU's forthcoming General Data Protection Regulation (GDPR), businesses will have an obligation to ensure the data they hold is not only secure, but is made more transparent to give customers a clear understanding about how it's used.
"By now organisations should be aware of the changes to data protection law next May," said Wood. "It's no longer acceptable to see the law as a box-ticking exercise. Organisations will need to be accountable, to their customers and to the regulator.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Of the 2,153 British citizens interviewed by the ICO, the majority were found to have more trust in public bodies to hold their personal data than private organisations. Just over 60% said they had confidence in the NHS or their local GP when it came to handling their data, while 53% said the same of the police. However, only 49% said they trusted the government and its various departments or organisations.
This is despite the increasing number of cyber attacks targeting the UK's public bodies over the past year, largely facilitated by outdated IT systems. A report by the National Audit Office last month said that the WannaCry attack on the NHS could have been prevented if it had deployed "basic IT security", such as upgrading machines running the outdated Windows XP operating system.
The UK also suffered a hack in June which led to the breach of 90 email accounts belonging to MPs, while in August the Scottish parliament described being hit by an almost identical "brute force" cyber attack that attempted to breach its systems.
"These are sobering facts that should act as a wake-up call to businesses," said Fraiser Kyne, CTO of Bromium. "The fact is our online economy relies on trust, which is a fragile thing. This lack of trust could result in people turning away from online services in the future, which could have a serious business impact.
"The only way we can start to rebuild trust is to stop these attacks from happening, and that is never going to happen if we just carry on doing the same thing we always have."
The ICO's Wood hopes to see improvements in these figures, saying: "It's time for organisations to start building the UK public's trust and confidence in how data is used and made available".
Picture: Bigstock
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
By Ross Kelly
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
By Emma Woollacott
-
Healthcare systems are rife with exploits — and ransomware gangs have noticed
News Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
By Nicole Kobie
-
Alleged LockBit developer extradited to the US
News A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
By Emma Woollacott
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
By Emma Woollacott
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
News The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
By Solomon Klappholz
-
Warning issued over prolific 'Ghost' ransomware group
News The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
By Solomon Klappholz
-
The Zservers takedown is another big win for law enforcement
News LockBit has been dealt another blow by law enforcement after Dutch police took 127 of its servers offline
By Solomon Klappholz