UK consumers left in the dark on data breaches

Do we need stronger laws to force businesses to act?

Tags: data breach

By Dan Ilett

Published: 2 May 2006 12:35 GMT

A number of high-profile data security breaches have shocked UK consumers - and yet there is no requirement for companies to warn customers if their personal data has been put at risk.

US financial companies are coming under increasing pressure to inform their customers about data breaches. For example, a Californian law - the Security Breach Information Act (SBIA) - requires any company with a presence or customers in the state to notify customers if their personal data could have been compromised.

Plans for a similar law to cover the whole US - the Data Accountability and Trust Act - are being presented to the Federal Trade Commission for approval.

In contrast, UK consumers are being left in the dark about potential security breaches.

A spokeswoman from the Information Commissioner's Office (ICO) told silicon.com: "There is nothing in the Data Protection Act that legally obliges companies to inform customers when these things occur.

"Basically where our role comes into play is when complaints come into the ICO and are then investigated. Then notifications would be posted and they [companies] would have to comply with them."

And some experts argue that the law is already strong enough to give consumers what they need to know.

Clive Davies, a partner in the law firm Olswang, told silicon.com: "There is no obligation to tell everyone [about breaches] but people could find out about it. I haven't come across any lobbying activity [to change the law] because we already have adequate protection."

But tougher laws would make companies think again about security, argued Richard Starnes, president of the Information Systems Security Association.

He said: "There is nothing I am aware of in the UK that is equivalent to SBIA. Businesses looking to protect their customers' data would have to be a lot more proactive if they had to disclose breaches."

While businesses might not welcome such a law, consumers would, he said.

Starnes added: "Businesses would not be interested in this of course but consumers would. One of the reasons that consumers don't use the internet is because they are scared of ID theft. Companies don't want to tell their customers if there has been a breach because they think it damages their reputation. It's a Catch-22 situation."

Businesses fear damage to their reputation much more than financial losses when it comes to security breaches, according to research by consulting house Deloitte.

And there is an acceptance that the financial services industry needs to do more to address the issue, said Mike Maddison, leader of security and privacy at Deloitte, in a statement.

He said: "Tackling the problem needs involvement from regulators, customers and many parts of a financial institution."
