UK consumers demand data breach disclosure

UK consumers are demanding companies that suffer data security breaches must let their customers know.

The majority of respondents to a survey carried out by Ipsos MORI for database security company Secerno felt institutions that have suffered a breach should inform customers automatically, with more than 82 per cent expecting to be informed of any data loss.

Consumers also believe time is of the essence when reporting data breaches, with 82 per cent expecting the institution suffering the breach to notify them immediately.

However, there remains a powerful disincentive for retailers and financial services companies to be more vocal: shoppers are also prepared to vote with their feet. Of the more than 1,200 adults questioned, 53 per cent said they would stop using the services of a company that admitted a breach.

Paul Davie, CEO of Secerno, told silicon.com: "Basically there's been a steady sensitisation of people's attitude to this sort of thing."

The survey comes in the wake of the world's largest data loss incident, which saw customers of TJX retail group - which owns the TK Maxx chain - warned to check their credit card statements to spot any unauthorised transactions.

The UK has also had its fair share of data breaches, including the theft of a laptop from Nationwide building society which contained some customer details.

Under UK law, retailers and other institutions that suffer data loss do not have to disclose the breach to customers, even those directly affected by the breach.

It's a very different picture in the US, where a piece of legislation called SB 1386 forces any company that has lost customers' data to make the loss public. Security experts have called for the UK to embrace a similar system.

Davie said: "The government has to become involved in the way it has in the US in requiring there is disclosure. If the senior management of companies know there are legal sanctions if they try to sweep breaches under the carpet, that will address their thinking and give them a better incentive to take the right security measures to make sure they don't appear on the morning news."