Employers are ignoring legal obligations to train staff in how to handle personal data, to a survey from IT Governance.

According to the survey of 130 technology and compliance professionals, 96 percent of the organisations held customer or patient information, 56 percent held financial information, 39 percent held sensitive personal information - i.e. ethnic or political affiliation - and 36 percent held medical information. But only 55 percent of the employees at these organisations had been trained on the legal responsibilities they had in their handling of that information.

"Under the Data Protection Act it is a legal requirement for organisations to safeguard personal information, but this can only be achieved with the support of employees," said Alan Calder the IT Governance chief executive.

Carrying out its research IT Governance found that employees regularly side-stepped policies and procedures purely to do their jobs. IT Governance said this was because information management policies were either too obtrusive in design or implementation.

Organisations are aware of their responsibilities under the Data Protection Act, with over 80 percent tasking an individual for data control and maintaining privacy. Documented procedures existed in 68 percent of organisations polled; policies for protecting personal data existed in 82 percent of organisations.