 |
|
| CURRENT SECTION :: Jobs | UK's most visited IT Contractor Site - 250k unique visitors March 2008 |
|
 |
The UK’s private sector bodies should be legally bound to notify customers if they breach or put at risk their personal information. The fresh call for US-style data laws to be introduced in the UK was made on Friday by the National Consumer Council in an interview with the Financial Times. “Unlike many states in the US, the UK does not have legislation compelling firms to alert their customers after unauthorised access to their personal data,” the NCC said. “The consequences of identity theft can be devastating both financially and emotionally for victims. That’s why the law is needed.” The call follows a string of data losses by both government and by businesses, and ends a week in which a laptop containing 1million people’s details ended up on eBay. Currently in the UK, there are no laws to force public or private ‘data controllers’ to protect people’s details, like via encryption, or to notify them if it they get lost or stolen. In line with the law, the MoJ admitted it chose not to notify any of the 27,000 taxpayers who had their personal details leaked from PC discs it failed to secure. The department said notifying those involved may ‘create an unacceptable risk of harm’, may breach data laws and was not recommended by its “risk assessment.” Similar language has been used by internet service providers when they put customer details at risk, but ‘notification’ laws for ISPs are now being proposed by the EU. A law covering all data controllers would be an incentive for providers to improve their security, said Ann Fielder, policy officer at the NCC, who issued the call. But safeguards should also be put in place on all data controllers’ systems from the outset, according to the ‘Privacy by Design’ campaign being run by the Information Commissioner’s Office. Jonathan Bamford, assistant commissioner at the ICO, said, “For many years we have urged organisations to consider the impact on individuals’ privacy before developing new IT systems. “However progress has been disappointing. In our view organisations could be doing more to protect individuals’ privacy by adopting ‘privacy by design… in the planning stages of any new project.” The privacy watchdog has tasked Enterprise Privacy Group to report on the best ways organisations can build in privacy protection before implementing new initiatives and technologies. Last week a survey by Infosecurity Europe found that 69% of IT security staff rated the most significant issue they faced as 'how to prevent data leakage from within an organisation'. Infosecurity Advisor Mike Barwise reflected: “Even where security has been considered at the inception of a project, lack of security understanding, inadequate systems analysis, over-optimistic budgeting and time pressure on the part of both business and developers can lead to it being pared away as the project progresses.” Sep 1, 2008 Email this article Printer friendly page Previous Page
|
|
 
|
||||||||||||||||||||||||||||||||
| All content © Contractor UK Limited | [Register for News Letter] | [Privacy Statement] | [Terms of Use] | [Top of Page] |