Small and medium-sized enterprises are not as aware of the principles of the Data Protection Act as larger organisations, according to the Information Commissioner's Office.
Only 22 percent of SMEs surveyed were aware the Act requires them to keep customer information accurate and up-to-date, according to research commissioned by the Information Commissioner's Office (ICO).
Furthermore, only around half of respondents said they recognised the importance of keeping personal information secure.
The information commissioner, Richard Thomas, said these findings are a "considerable concern", when the increasing risk of identity fraud is taken into account.
Thomas added that, while individuals are being urged to protect their personal information, businesses also have this responsibility and must take it seriously.
Thomas said most organisations know it makes business sense to comply with the Act — according to the research, 94 percent of businesses feel the legislation is needed.
The ICO has published official guidelines aimed at the SME sector, suggesting how they should train their staff to handle personal information properly.
Thomas added the ICO will not hesitate to take action against businesses that fail to protect customer information effectively.
The research was carried out in August and September this year and covered 813 organisations in the UK.