You are here: silicon.com > Software > Security Strategy

Security Strategy

Pressure grows for UK data loss disclosure

'I wish they all could be California laws... '

Tags: e-tail, mcafee, banking, pgp

By Will Sturgeon

Published: 16 March 2007 13:05 GMT

The UK is in desperate need of revisions to laws that govern the disclosure of information relating to data loss or theft, according to security experts.

Currently UK organisations that lose sensitive customer or employee data, or expose it to others, do not have to disclose details of the breach - even to those affected.

Now, in the wake of recent data losses, security experts have called on UK legislators to bring laws in line with US law SB 1386, which was introduced in California in 2003 and has spread to 34 states, requiring full disclosure.

Martin Carmichael, CSO at McAfee, told silicon.com: "I think companies should be accountable. Accountability is a vital part of security and if a company has a data breach I think they should be prepared to talk about it.

"I am surprised the UK doesn't have anything in place like SB 1386."

And that feeling was echoed by Phil Zimmerman, the founder and writer of PGP encryption, who described SB 1386 as "a fiendishly clever piece of legislation" because it not only makes companies more 'on the ball' for fear of having to admit breaches or losses but also empowers consumers to make more informed choices.

The effect of being 'outed', said Zimmerman, is a very powerful tool. "I think companies respond far more to the outing than they would to a fine," he said.

Zimmerman added: "In the UK you really should push your government to force disclosure."

Here in the UK there is no such requirement for companies to warn customers if their personal data has been put at risk. Last year this led to criticism of the way a potential security breach, which resulted in thousands of credit cards being cancelled, was handled.

As a spokeswoman for the Information Commissioner's Office told silicon.com last year: "There is nothing in the Data Protection Act that legally obliges companies to inform customers when these things occur."

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

BI Consultant / BI Expert - Data Warehousing / BI

You should make yourself aware of how immigration laws apply to your situation before applying for any jobs. Huntress does not discriminate on the ...

C# ASP.NET Developer, Programmer, Engineer - Suffolk

You should make yourself aware of how immigration laws apply to your situation before applying for any jobs. Huntress does not discriminate on the ...

CALLING ALL PERFORMANCE TEST EXPERTS - UK

Huxley Associates currently have a number of requirements for Performance Testers with extensive industry experience. The roles require that you have ...

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.





Quick Sitemap Links: