Is it time to criminalise data breach cover ups?
By Tom Brewster
ANALYSIS The US is really upping its game in the fight against cyber crime.
In the past month, the Obama administration has made some moves to protect the nation from cyber attacks, releasing its first International Strategy for Cyberspace.
Now, in the proposed Personal Data Privacy and Security Act, the US Government has recommended criminalising data breach cover-ups.
Under current UK law, private companies are not required to confess to data breaches, which is why the Information Commissioner’s Office (ICO) has fined public bodies considerably more.
It looks likely the UK will one day make data breach disclosure mandatory, but should we follow the US and criminalise cover-ups?
The ups and downs
It’s clear there would be benefits to criminalising the concealment of data breaches, the central one being the extra deterrent.
“There is clearly merit in ensuring that data breaches are not hidden from those they affect, given the numerous high profile hacks that have taken place in the last six months,” said Chris Boyd, senior threat researcher at GFI Software.
However, over-regulation can be a stifling force. According to Boyd, smaller companies could be disadvantaged, given they don’t have the same resources as big corporations to protect themselves.
“There is a worry that smaller companies will struggle to implement the same level of security protection as their much larger rivals, running the risk of bad publicity, fines and further attacks,” Boyd told IT Pro.
“It's concerning to think that we'd require further legislation such as this to make certain companies look at how they can improve their security instead of them doing it by default.”
Certainly, companies should have security as one of their chief priorities, not just from a compliance perspective but out of respect for their customers.
Nevertheless, it would seem sensible to threaten companies with legal action. If companies can break laws and get away with it simply because they don’t have to confess their sins, it makes for a pretty light-handed system. Sometimes fear is the best medicine.