ITPRO

Printed from www.itpro.co.uk


    Should software companies be liable for data breaches?

A security breach notification law could be a step in the right direction, according to a public policy expert.

By Asavin Wattanajantra, 18 Sep 2009 at 14:39

Holding software companies, ISPs and financial institutions liable for public and private sector data breaches could help prevent them, according to an internet public policy expert.

Speaking at ENISA’s annual security conference in Greece, Ian Brown, a senior research fellow at the Oxford Internet Institute, said that holding them liable could help prevent data breaches better than direct spending on government intervention.

But Brown admitted such a rule would be politically difficult to enforce. Last year, the immediate response by the UK government to a House of Lords report recommending a new data-breach law on liability was a firm ‘no’.

Brown said: “They didn’t give a reason why. I imagine part of the reason - and I’m not being super-cynical here - was that behind the scenes there were software companies, ISPs and banks that are influential within government.”

He said that security breach notification laws were a step in the right direction, at least forcing firms to be transparent when things went wrong.

“I think there are some government MPs who would still like to move in that direction, and I think that would be a positive thing,” he added.


1 comment


Too late...

This sort of move is about 30 years too late. Software today is too complex. It is impossible to test it completely. All you can hope for is best effort and that the developers and admins respond in a timely manner, when a breach is discovered. It would be nice and it sounds easy when you look at it at a political level. Look deeper and who do you blame? The user? The admin who runs the site? The company that installed the computer? The software developer? The person who configured the software? The person who configured the OS? The person who installed a 3rd party app? The OS manufacturer? There are just too many variables to lay the blame clearly in all cases. In some cases, where an admin fails to secure a network, you have a scapegoat, but when it is a combination of user, application, driver, operating system and infrastructure, who is to blame?

By big_D on Friday Sep 18
