You are here: silicon.com > Research > Special Reports > Full Disclosure

Tech companies back data breach law

Full Disclosure - time to treat personal information as an asset

By Steve Ranger

Published: 2 October 2007 11:57 BST

More than 50 per cent of the UK's technology companies want legislation forcing companies to notify their customers of data breaches, according to a survey from industry body Intellect.

An exclusive peek at the preliminary results ofa survey of Intellect members on the subject of data breach notification shows just over half are in favour of legislation - and the same proportion said such legislation should cover both public and private sectors. Data breach legislation is the subject of silicon.com's Full Disclosure campaign.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the infringement has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com or signing the 10 Downing Street e-petition.

The respondents - a mix of small and large businesses - also said the legislation should cover all forms of information, not simply that found online.

Three quarters of the Intellect members to have responded so far said that in the case of a breach the notification should go to the affected customers and the regulator. Only a quarter said it should go to all customers, and one in five said the police should get a copy.

When asked what were the risks of data breach notification, four out of five respondents said over notification could be an issue, with one in five also pointing to the potential for phishing.

The tech supplier body is also launching a working group to examine the viability of data breach notification law in the UK - and the potential impact it will have on businesses.

Barbara Navarro, chair of the group, said most consumers and businesses are not in the habit of treating personal information as an asset - but they should be. She warned that if the underlying infrastructure supporting such data is not secure, then there is a danger that consumer and business confidence will be undermined, damaging our economy.

Data breach notification could be one way of helping businesses to behave more responsibly towards data, but is unlikely to be sufficient by itself, she said.

The working group - which will hold its first meeting in November - will also discuss the impact and cost data infringement has on businesses and on the technology industry as a whole, and plans to work with employers to raise the level of importance their staff and their corporate processes place on safeguarding personal data.