And gov't spot checks on the cards
By Nick Heath
Published: 3 July 2008 15:22 GMT
The UK's privacy watchdog says the country is a step closer to getting a law forcing organisations to reveal data breaches, thanks to draft EU legislation.
Deputy information commissioner David Smith said proposals to revise the EU's ePrivacy Directive could be the "catalyst" needed to get data breach notification into UK law.
Amendments to the directive would require "providers of electronic services to inform users of breaches of data protection" and will be voted on by the EU later this year.
Full Disclosure campaign
silicon.com is aiming to make businesses and government take data security more seriously. Read more here.
Smith said: "There is increasing pressure to bring in a law for data breach notification.
"It looks as if breach notification may come out of the review of the ePrivacy Directive, it could be a catalyst for a law to cover all types of communications."
But he cautioned against notification on every data breach, saying it was important the Information Commissioner's Office (ICO) did not become swamped with "minor incidents".
A rethink of UK data protection laws is something that silicon.com has been calling on for the last year as part of its Full Disclosure campaign.
Smith also told silicon.com the ICO was about to be given the power to carry out data security spot checks on central government.
But he warned the ICO appeared to be more than "months away" from being able to carry out unannounced inspections on the private sector, despite such audits being commonplace in the rest of Europe.
Smith added that it was important for government departments to put in interim measures to guard against data breaches, such as carrying around the minimum amount of information, while carrying out the lengthy process of encrypting all personal data.
The Department of Health recently revealed that many trusts were unlikely to complete encryption of personal data for several months.
Last month the ICO disclosed it has had 138 reports of data breaches since last November - but Smith added he thought the scale of private sector breaches was far greater than reported.
Smith told a Westminster eForum meeting on information security: "What has changed today is the scale of the information being handled and the ease with which it can be lost."
Ensuring that any breach of security is immediately investigated and reported and that the outcome is recorded in the company breaches register and ...
My client based in the Berkshire area is recruiting for a campaigns executive with excellent experience of a campaign management software such as ...
The Head of Threat Management will specifically deliver an integrated and industry leading set of related disciplines in the areas of Financial ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
silicon.com
Inbox: Why is Westminster lost for Words?
"Why are they worried about being able to open documents? They'll only lose them or leave them in the back of a taxi"
silicon.com
Inbox: Brits baying for blood over ID
"Biometrics is a way of safeguarding against fraud but it is not that magical solution to identity theft"
Alan Brown
NHS IT to benefit Southern England - at last
Comment: Mental health care app ready for prime time
silicon.com
Inbox: ID guinea pigs, snooping database and CIO standards
"It's the divide and conquer approach, or 'how to eat an elephant'"
John O’Brien
London 2012: Will IT be hit by credit crunch?
Funding for tech could fall short
Peter Cochrane
Peter Cochrane's Blog: Government gaffe
Misunderstanding IT… again