Research commissioned by the ICO, the Information Commissioner's Office, has concluded that SMEs are less aware of the principles of the DPA, the Data Protection Act, than their larger peers.
Researchers found that just 22 per cent of the 800-plus SMEs surveyed were aware that they are required to keep customer information accurate and up to date under the Act.
This is despite the fact that 94 per cent of the companies surveyed believed that the Act makes good business sense.
Speaking at the Sixth Annual Data Protection Compliance conference on Thursday, Richard Thomas, the Information commissioner, said that the findings are of considerable concern in light of the recent increase in identity fraud.
Businesses, he said, must now take their responsibility to protect personal information seriously.
David Hobson, managing director of Global Secure Systems (GSS), the specialist IT security systems integrator and consultancy firm said the ICO survey findings come as no surprise to him.
"Data compliance has always been something of a Cinderella topic amongst SMEs, although we have found larger enterprises are starting to realise the need for maintaining accurate customer data and storing it securely," he said.
"I suspect that, as the provisions of the Companies Act 2006 become law, which are due to be phased in progressively between now and late next year, SMEs will rise to the challenge. In the meantime, it is down to the ICO's office and, specialists like ourselves, to educate companies of the need for accurate and secure records," he added.