Security professionals back a European directive which requires companies to inform customers and regulators of data security breaches.
The European Commission is expected to pass such a directive this year, although it may take years for the UK to adopt it into law.
This means that, when it comes to data breach disclosure, consumers here will have less protection than consumers in a growing number of US states already have.
A survey by database security firm Secerno shows that 77% of IT security professionals back a UK data breach disclosure law. A recent Ipsos MORI poll found that 82% of UK consumers expect to be notified immediately if there has been a security breach.
The Secerno survey also found that, of those in favour of such a law, 49% believe that companies should be forced to disclose a data breach immediately rather than delaying the announcement.
Paul Davie, founder of Secerno, said, "A situation that mirrors the infamous TJX breach in the US may already have happened in Europe, but companies operating in this region are not legally obliged to notify their customers - which only erodes public confidence."
Davie said, "Many businesses make the mistake of believing data security to be just an IT issue, when it's evidently more important than that - it's a business issue that needs managing from the board level."
Secerno is calling on UK firms to voluntarily disclose data breaches, ahead of any legislation.
Comment on this article:
computer.weekly@rbi.co.uk