UK group pushes for stiff data security breach laws

By Robert Westervelt, News Editor 04 Oct 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

It's something being seriously considered and there is a discussion about the impact of a law and how it should look. Carrie Hartnell, program manager, Intellect

A trade association representing hundreds of technology firms in the UK is pushing hard for lawmakers there to develop a breach notification law and rigorous data protection rules.

UK-based Intellect has formed a data breach notification working group and held a roundtable discussion recently with representatives from government agencies, law enforcement, attorneys and legislators. Intellect is also conducting a survey among its members of attitudes towards data breach notification and stepping up its lobbying effort to get legislators to develop tougher standards in the UK.

"In terms of issues it's something being seriously considered and there is a discussion about the impact of a law and how it should look," said Carrie Hartnell, a program manager for Intellect. "The discussion is also around who would be informed, what level of information would a customer be given and whether it would apply to the whole of the UK industry or specific areas."

UK lawmakers have been carefully examining the impact of breach notification laws in the United States to craft rules that would have limited impact on the economy. An explosion of lost and stolen laptops in recent years and the massive data breach at Framingham, Mass.-based TJX Cos. has placed a spotlight on the issue in Europe, Hartnell said.

Data security breaches: As data breaches snowball, IT pros look for answers: The Privacy Rights Clearinghouse says more than 166 million IDs have been compromised to date. IT professionals are seeking ways to ensure their companies don't add to the tally. TJX should have had stronger Wi-Fi encryption, say Canadian officials: TJX Cos. should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption, say Canadian officials. Gap security breach exposes data on 800,000: The latest retailer to suffer a security breach is Gap Inc., which blames the exposure of data on 800,000 job applicants on a third-party vendor that manages the information.

TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate the company's network. In addition to running the TJMaxx, Marshalls, Winners, HomeGoods, AJWright, and HomeSense stores in the US, it also operates outlets in Canada and UK.

Recent studies suggest that the costs associated with high profile data breaches are skyrocketing. Data breaches cost companies an average of $182 per compromised record, according to a survey conducted by the Elk Rapids, Mich.-based Ponemon Institute. So far, TJX said the costs associated with its breach have exceeded $256 million and some experts say that after settling lawsuits, TJX's expenses will skyrocket.

Currently the UK has data protection and notification rules limited to financial services firms. Those firms have specific procedures to follow if they discover a breach with notification of officials depending on the type of information breached.

Intellect's Hartnell also said that the trade group's members are in agreement that a regulatory body would need to be created to enact tougher data protection standards. It's unclear whether a law would be limited to the UK or if legislators will look toward the European Union to toughen rules across all of Europe.

"We recognize that this shouldn't just be a UK issue anyway," Hartnell said.

Specific goals of the working group will be developed in November. For now, the group plans to work out a practical solution to the problem and discuss the impact and cost that data braches have on businesses and on the technology industry as a whole.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary