UK group pushes for stiff data security breach laws

A group representing technology firms is pushing UK lawmakers to pass breach notification laws and data protection rules.

It's something being seriously considered and there is a discussion about the impact of a law and how it should look.
Carrie Hartnell,
program managerIntellect

A trade association representing hundreds of technology firms in the UK is pushing hard for lawmakers there to develop a breach notification law and rigorous data protection rules.

UK-based Intellect has formed a data breach notification working group and held a roundtable discussion recently with representatives from government agencies, law enforcement, attorneys and legislators. Intellect is also conducting a survey among its members of attitudes towards data breach notification and stepping up its lobbying effort to get legislators to develop tougher standards in the UK.

"In terms of issues it's something being seriously considered and there is a discussion about the impact of a law and how it should look," said Carrie Hartnell, a program manager for Intellect. "The discussion is also around who would be informed, what level of information would a customer be given and whether it would apply to the whole of the UK industry or specific areas."

UK lawmakers have been carefully examining the impact of breach notification laws in the United States to craft rules that would have limited impact on the economy. An explosion of lost and stolen laptops in recent years and the massive data breach at Framingham, Mass.-based TJX Cos. has placed a spotlight on the issue in Europe, Hartnell said.

Data security breaches:
As data breaches snowball, IT pros look for answers: The Privacy Rights Clearinghouse says more than 166 million IDs have been compromised to date. IT professionals are seeking ways to ensure their companies don't add to the tally.

TJX should have had stronger Wi-Fi encryption, say Canadian officials: TJX Cos. should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption, say Canadian officials.

Gap security breach exposes data on 800,000: The latest retailer to suffer a security breach is Gap Inc., which blames the exposure of data on 800,000 job applicants on a third-party vendor that manages the information.

TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate the company's network. In addition to running the TJMaxx, Marshalls, Winners, HomeGoods, AJWright, and HomeSense stores in the US, it also operates outlets in Canada and UK.

Recent studies suggest that the costs associated with high profile data breaches are skyrocketing. Data breaches cost companies an average of $182 per compromised record, according to a survey conducted by the Elk Rapids, Mich.-based Ponemon Institute. So far, TJX said the costs associated with its breach have exceeded $256 million and some experts say that after settling lawsuits, TJX's expenses will skyrocket.

Currently the UK has data protection and notification rules limited to financial services firms. Those firms have specific procedures to follow if they discover a breach with notification of officials depending on the type of information breached.

Intellect's Hartnell also said that the trade group's members are in agreement that a regulatory body would need to be created to enact tougher data protection standards. It's unclear whether a law would be limited to the UK or if legislators will look toward the European Union to toughen rules across all of Europe.

"We recognize that this shouldn't just be a UK issue anyway," Hartnell said.

Specific goals of the working group will be developed in November. For now, the group plans to work out a practical solution to the problem and discuss the impact and cost that data braches have on businesses and on the technology industry as a whole.

Dig deeper on Identity Theft and Data Security Breaches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close