To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/publicsector/0,3800010403,39167832,00.htm

Tell customers about data breaches, companies urged
Full Disclosure: Power to the people...

By Gemma Simpson

Published: Monday 16 July 2007

UK companies should warn customers if their personal data has been put at risk, according to the National Consumer Council (NCC).

Speaking at a Westminster eForum event, Anna Fielder, policy consultant with the NCC, said UK companies should produce security breach notifications, which inform an individual if their data has been compromised.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or by emailing us at editorial@silicon.com.

Fielder added consumers should also have the power to freeze their own credit ratings when needed, to help prevent identity fraud.

But not all the eForum panellists agreed with the introduction of breach notifications. Gillian Key-Vice, director of regulatory affairs with credit company Experian, said if a breach has been managed properly there is no need for such notifications because they would cause "unnecessary concern" among the public.

More than four-fifths of UK consumers think companies that suffer data security breaches should let their customers know, according to a recent survey.

Also speaking at the Big Brother Britain? ID cards, surveillance and data security seminar, Jonathan Bamford, assistant commissioner for the Information Commissioner's Office, told silicon.com such notifications need to be kept in perspective and decisions to inform individuals should be made on a case-by-case basis.

Bamford added it would be counter-intuitive for a company to stop or slow down its efforts to overcome a security breach in order to send out emails informing its customers about that breach in the first place.

The UK's information commissioner called on CEOs to take the security of customer and staff information more seriously in a recent report.

silicon.com Public Sector

Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!

silicon.com's Full Disclosure campaign is calling on the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sector.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if the breach may have put individuals' sensitive personal data at risk. We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.