Data protection in all businesses has come under increased scrutiny in recent months after a number of high-profile breaches, with information commissioner Richard Thomas last month criticising several high street banks for some of their “careless and inexcusable” practices.

Now, data protection consultant Alasdair Warwood has insisted that, although some small businesses may struggle to keep up-to-date exactly with all tenets of the Data Protection Act, they can take a range of common sense steps to ensure they do not fall foul of the regulator’s wrath.

‘Any business that deals with individuals, whether it’s customers or employees, will have a certain amount of personal information… It’s the same issue whether you’re a small business or a large business,’ comments Mr Warwood.

‘A lot of data protection is actually just common sense: if you think about the sensitivity of personal information, and what’s the common sense way of ensuring its accuracy and protecting it, then you’re going a long way to complying with data protection principles – even if you don’t know it.

‘Password protection… keeping files in locked drawers or locked filing cabinets. It’s pretty common sense stuff, that businesses should be doing anyway.’

The Information Commissioner’s office received 24,000 data protection complaints in its 2006-2007 period.