Most FTSE 100 firms are unable to respond properly to a request to speak to the company’s Privacy Officer, according to research from Marketing Improvement. The marketing services firm found that only 28% of companies could direct the query to the correct person.

Researchers from the firm telephoned a random selection of 50 of the FTSE 100 companies, asking to be put through to the person responsible for data protection within the company – the Privacy Officer.

The researchers then analysed whether the switchboard operators understood what they were being asked – which they should have done if they had been properly briefed – and whether there actually was a Privacy Officer within the company.

Seventy-two percent of switchboards did not understand the question, says Marketing Improvement, and 26% responded immediately with a “No idea”. But with only one exception, all switchboards took time and trouble to find a solution.

Twelve-percent of calls were transferred to the IT department, 6% were sent to the customer service department and 6% to the legal department.

In 10% of cases, researchers were transferred to more than one department, and in one case it took four departments and 15 minutes before the researcher was eventually given an address to contact, rather than a person to speak to.

In only 34% of cases did researchers discover that there was actually a Privacy Officer – in some cases only being directed to the appropriate person after being wrongly transferred to a helpful third party. Sixty-six percent of the companies surveyed did not have a Privacy Officer.

Marketing Improvement blames this incompetent manner of dealing with such queries on a lack of enforcement on the part of the Information Commissioner.

“This lack of rigour causes an assessment of low compliance with or knowledge of Data Protection legislation as a medium business risk,” says the report.

It recommends that firms appoint a Chief Privacy Officer, establish the touch points between the firm and customers and ensure that they are properly briefed, and ensure that a clear privacy policy is on the company website, along with contact details.