The push for the European Directive on Data Protection to be passed as UK law is gathering pace, according to database security company, Secerno.
A survey of IT security professionals at Infosec 2007 found that 77 per cent believe companies should be obligated by law to disclose when they have been the victim of a data security breach. The survey also found that of those in favour of such a law, nearly half (49 per cent) believe that companies should be forced to disclose a data breach immediately rather than delaying the announcement.
Even greater concerns regarding data security have also been voiced outside of the IT community. Independent research recently conducted by Ipsos MORI found consumers to be even more concerned about data breaches: 82 per cent expect to be notified immediately if there has been a security breach and their personal details have been compromised. Upon hearing of a data breach, most consumers (53 per cent) would vote with their feet and stop using the affected organisation's services immediately.
Paul Davie, founder of database security company, Secerno, comments: "Unfortunately, we don't know the scale of all data security breaches in the UK. Statements from the US-based Privacy Rights Clearing House suggest 100m records have been exposed during their two years of monitoring such events. In the UK, there is no legislation which demands the publication of such breaches, so the extent of the problem here is hidden. Any of us could have been affected; we often don't find out until it's too late. There is a clear demand from security professionals and consumers that the Government and the EU should follow the US's lead and impose a legal framework that forces companies to disclose breaches. A situation that mirrors the infamous TJX breach may already have happened in Europe, but companies operating in this region are not legally obliged to notify their customers, which only erodes public confidence."
Florida's Attorney General McCollum recognises the importance of protecting consumers from the threat of identity theft. "Identity theft steals not only money, but also a person's good name and reputation. Any effort made by corporate entities to protect customers from identity theft is a positive step in the right direction."
[ISB has always supported this legislation. Only by making information security a serious competitive issue will it improve. --Ed].
Taken from Information Security Bulletin.