Demand for tougher data breach legislation

gallery

"There are multiple levels to a notification law like this. Who do you let know? Do you let know the people whose data it involves, or a wider audience? There was the HMRC case where everyone was informed with a letter, sent in the post, with the same private details in the letter. Sometimes informing, depending how you inform, could exacerbate the problem."

Technology the answer?

So if stronger legislation to punish and notify isn't an option, what can be done to prevent further security breaches? According to Bamforth, as IT PRO has previously reported, government and organisations should be looking at existing technologies and good old-fashioned people management to prevent security holes.

"Encrypting and authenticating are two obvious means," said Bamforth. "Why are we even moving data around when accessing it remotely might be more secure? Keep the data where it can be centrally well managed and protected and then use electronic means of access rather than physical means."

"However, while it's possible to say we can throw some technology at it and potentially fix the problem, the reality revolves around how it's used and the people side of it," he said. "Are employees being sufficiently educated in what their responsibilities are or what good practice is? These are the things that have a profound affect. Technology can only support all of those things. But this will of course cost time, resources and money."

Surely it's a cost that's worth the price. Whether the government decides to push forward to criminalise data breaches or instead aims to promote best practice with ICO spot-checks and more efficient use of existing technologies, it's clear that something has to be done before security breaches cease being a potential risk to the state and individuals and become an actuality.

Email to a friend

Print this page