Companies are risking legal action by failing to protect data held on personal digital assistants (PDAs) and smartphones, according to a survey.
While there are no official statistics about the number of these devices that have been stolen, as many as a quarter of staff surveyed on PDA usage by mobile security firm Pointsec Mobile Technologies claimed to have either lost or had their PDA stolen.
Two in five users have lost a mobile phone, with the most frequent places being taxis and restaurants.
But what was seen as merely irritating in the past now has more serious consequences, as 85 per cent of users say that they use their PDA as a business tool.
Users now typically store company passwords on their handheld devices as well as their own personal data such as bank and credit card details. A quarter of users said they also downloaded corporate data.
But 73 per cent of companies have no specific security policy for mobile devices, Pointsec said.
According to the Office of the Information Commissioner (OIC), the responsibility for securing data lies with businesses, regardless of whether devices are personally owned or bought by the company for business use.
"The responsibility for securing data lies with the company under the seventh principle of the Data Protection Act," an OIC spokeswoman said.
"This says companies must ensure that there are appropriate technologies and procedures in place such as encryption and passwords to protect data.
"A person whose data was inappropriately retrieved if a PDA was stolen could have the right to claim compensation."
Although there are no official statistics, the Pointsec survey shows a potentially serious problem for companies.
"While we haven't seen any high-profile cases, if a doctor or social worker or a high-ranking executive in a bank has their PDA stolen, someone is going to sue an organisation," Magnus Ahlberg, managing director at Pointsec, told vnunet.com.
"The Data Protection Act states that the company or IT manager is responsible for the protection of information. There is also the risk of industrial espionage."
Even simple security measures such as ensuring the devices are password protected are ignored, according to Ahlberg.
"It is still a reasonably immature technology. There are trials of encryption software underway, but it is still in the early stages and there is a long way to go," he said.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff