CEOs to account for data losses
By Stephen Pritchard
Tighter laws could make UK chief executives directly responsible for breaches of customer data, such as those suffered by HM Revenue and Customs or the retailer TK Maxx.
According to a presentation by Information Commissioner Richard Thomas to the House of Commons' Justice Committee, chief executives would have to certify that companies had safeguards in place to protect personal data.
Failure to ensure such safeguards could become a criminal offence, and UK companies could be forced to disclose information security breaches.
According to IT security company Symantec, more than 30 US states have data disclosure laws. European Union law currently regulates how companies collect and store data, but makes few provisions for how businesses must handle security breaches.
"The types of measures [presented to the Justice Committee] could be useful if they make sure that information assurance has senior level attention," said Ilias Chantzos, Symantec's European director of government relations. "But there are a number of European member states that already have criminal sanctions and we are not sure how regularly these are enforced. I certainly don't know of anyone going to jail."
Nor might the measures put an end to high-profile security breaches, industry experts warn. Instead, they are likely to add to compliance costs, especially for smaller firms. The rules could even prompt some organisations to move their data centres offshore, to countries with less onerous safeguards.
"There will be a lot of companies who don't know how to secure their data," said Carole Theriault, senior consultant at information security vendor Sophos. "Education should be the first point of call, rather than criminal sanctions. If I am burgled because I've left a door open, I want the support of the authorities, not punishment."
However, Theriault added that the public often blames the organisation that suffers a data loss, not the cyber criminals behind the attack.
A recent survey carried out by Sophos found that if a local government department lost personal data, 86 per cent of the public would hold the local authority responsible.





