Personal data held by far more companies than internet shoppers realise

The research from data security firm Ground Labs suggests that the average UK consumer is giving away more data than they realise.

When asked how many organisations they believe hold their personal data, 84 per cent of consumers guessed at fewer than 20 with almost a third guessing that fewer than ten organisations hold sensitive data about them.

However, once presented with a list of 50 online services and retailers, two out of five customers calculated that the reality was significantly higher than their original estimate. This was based on their knowledge of interactions in the past 12 months alone.

The survey only offered 50 examples across the many thousands of organisations currently in receipt of customer data, from airlines and retailers to online services and utility companies.

“Unless customers have an accurate idea of who has access to their data, they are unable to take the precautions necessary to protect themselves online,” said John Cassidy, VP with Ground Labs.

“Customers dramatically underestimate how many companies have access to their information, as illustrated by our survey. We only asked people to pick from 50 of the biggest online companies; in reality, the number of organisations who have access to any one individual’s data is much, much higher than our survey suggests.”

According to Ground Labs, the total number of companies you interact with is simply a starting point.

Automatic backups, log files and emails, plus companies who legally share information with third parties can generate hundreds and thousands of potential copies of your data both on and offline. On top of this, many companies will keep records of former customers for months or even years.

“A conservative estimate would suggest that for any given adult, hundreds of thousands of copies of personal data reside on physical devices and cloud storage platforms both in and outside of the UK,” Cassidy added.

“Most people are unaware of the multiplying effect when dealing with so many service providers and so the responsibility must fall on companies to protect this sensitive data.”

New figures from the Office of National Statistics show that fraud and cyber-crime are the most common types of crime in the UK, with nearly six million offences committed last year alone.

Last month it emerged that customer data stored by mobile operator O2 was being sold on the 'dark web' after it had been leaked through the gaming website XSplit in 2013.