Security Strategy

Privacy breach companies 'must be named'

The public has a right to know, say silicon.com readers

Tags: card fraud, breach

By Steve Ranger

Published: 2 May 2006 17:10 BST

Companies that suffer security breaches in which customer data is put at risk should be publicly named, according to silicon.com readers.

Last week silicon.com revealed that a potential security breach at a UK-based online retailer is being investigated and has led to thousands of MasterCard and Visa holders having their credit cards cancelled.

And now silicon.com readers - many of them card holders who have been affected - are calling for the retailer's name to be made public.

A reader - among those to have their card replaced - said: "As one of those 4,000 affected, I believe that if there is no doubt as to where the data originated then we should be made aware of that fact."

Another anonymous reader added: "It is not acceptable for the name of the retailer to be kept secret. The public have a right to know."

A marketing director called Iain pointed out that US companies have different rules to follow: "If this happened in [the] US, the retailer would be exposed and hit with hefty PR and financial costs. Not much point in having Data Protection laws if they only generate a slap on the wrist."

Stuart Horner, a managing director from Sheffield, said: "I fully agree that the retailer should be named - if only to protect future users of their site. I will be reviewing my use of internet retailers in the future."

In the UK, companies are not required to go public with data breaches, in contrast to California - and soon possibly the whole of the US - where legislation requires them to do so.

A spokesman for the Information Commissioner's Office (ICO) said there is nothing in the Data Protection Act to require a company to inform either its customers or the ICO if a data breach has occurred but added: "If a company has a breach then it would help us if they let us know... In terms of us taking action, if we receive a complaint we will investigate in the normal way."
