Barely one in 10 British companies is operating a legal email service, according to value added reseller SCC. 

The study of 25 UK blue chip companies, including financial, legal, insurance and retail firms, found 87 per cent in breach of requirements set out in the Data Protection Act and Sarbanes-Oxley.

None of the organisations had a fully compliant email policy in place, despite over half experiencing compliance-related issues in the past.

"Organisations need to take a more assertive approach towards tackling compliance," said Paul Eccleston, UK business solutions director at SCC.

"Liability in most cases remains with the data owner, so it's in a company's interest to ensure that senior staff implement secure email management systems.

"With fines of up to £3m and criminal penalties of up to 20 years, this issue should be at the top of the business agenda."

Eccleston pointed out that directors did not seem to realise that they were directly responsible for the situation and would be held to account by the regulators.