CEOs to account for data losses
By Stephen Pritchard
Tighter laws could make UK chief executives directly responsible for breaches of customer data, such as those suffered by HM Revenue and Customs or the retailer TK Maxx.
According to a presentation by Information Commissioner Richard Thomas to the House of Commons' Justice Committee, chief executives would have to certify that companies had safeguards in place to protect personal data.
Failure to ensure such safeguards could become a criminal offence, and UK companies could be forced to disclose information security breaches.
According to IT security company Symantec, more than 30 US states have data disclosure laws. European Union law currently regulates how companies collect and store data, but makes few provisions for how businesses must handle security breaches.
"The types of measures [presented to the Justice Committee] could be useful if they make sure that information assurance has senior level attention," said Ilias Chantzos, Symantec's European director of government relations. "But there are a number of European member states that already have criminal sanctions and we are not sure how regularly these are enforced. I certainly don't know of anyone going to jail."
Nor might the measures put an end to high profile security breaches, industry experts warn. Instead, they are likely to add to compliance costs, especially for smaller firms. The rules could even prompt some organisations to move their data centres offshore, to countries with less onerous safeguards.
"There will be a lot of companies who don't know how to secure their data," said Carole Theriault, senior consultant at information security vendor Sophos. "Education should be the first point of call, rather than criminal sanctions. If I am burgled because I've left a door open, I want the support of the authorities, not punishment."
However, Theriault added that the public often blames the organisation that suffers a data loss, not the cyber criminals behind the attack.
A recent survey carried out by Sophos found that if a local government department lost personal data, 86 per cent of the public would hold the local authority responsible.