By Gemma Simpson, 16 July 2007 14:35
NEWS
UK companies should warn customers if their personal data has been put at risk, according to the National Consumer Council (NCC).
Speaking at a Westminster eForum event, Anna Fielder, policy consultant with the NCC, said UK companies should produce security breach notifications, which inform an individual if their data has been compromised.
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or by emailing us at editorial@silicon.com.
Fielder added consumers should also have the power to freeze their own credit ratings when needed, to help prevent identity fraud.
But not all the eForum panellists agreed with the introduction of breach notifications. Gillian Key-Vice, director of regulatory affairs with credit company Experian, said if a breach has been managed properly there is no need for such notifications because they would cause "unnecessary concern" among the public.
More than four-fifths of UK consumers think companies that suffer data security breaches should let their customers know, according to a recent survey.
Also speaking at the Big Brother Britain? ID cards, surveillance and data security seminar, Jonathan Bamford, assistant commissioner for the Information Commissioner's Office, told silicon.com such notifications need to be kept in perspective and decisions to inform individuals should be made on a case-by-case basis.
Bamford added it would be counter-intuitive for a company to stop or slow down its efforts to overcome a security breach in order to send out emails informing its customers about that breach in the first place.
The UK's information commissioner called on CEOs to take the security of customer and staff information more seriously in a recent report.
silicon.com Public Sector
Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!
silicon.com's Full Disclosure campaign is calling on the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sector.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if the breach may have put individuals' sensitive personal data at risk. We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.
Comments
There is 1 comment. Join the discussion
1. Nigel Hopgood
Security Breach Notification is a topic that is misunderstood and needs further debate to ensure we implement a positive culture. In the US we are seeing more and more notifications delivered to consumers (over 120 million) and if we are not careful we will run the risk of a large volume of SBNs being delivered and their frequency and number will have no impact on the consumer. In the US stock price is affected in the short term but climbs back to original levels.
We need a culture of securing, encrypting and anonymising/pseudonymising personal data, a much stronger Information Commissioner with real powers to enforce, notification to the Commissioner of breaches, rather than just the individuals who have suffered the breach, and finally strict legislation to underpin breaches of personal data.