
An influential House of Lords committee is to re-open an inquiry
into e-crime and the security of personal data on the
internet after members of the committee branded the government's
reactions to its recommendations as "vacuous, idle and
irrelevant".
The Lords Science and Technology Committee called for new laws to
require businesses to encrypt personal data, report security
breaches to their customers and to make suppliers liable for
damage caused by flaws in their software, in a controversial report
in August.
But members said the government's "complacent" attitude to its
recommendations, coupled with the recent string of high-profile
data breaches, meant they had no choice but to call civil servants
back for questioning. They plan to grill civil servants on their
"inadequate" response and are threatening to summon ministers to
answer questions.
"IT communication and business is going to be at the heart of
commerce for decades to come. We have got to get a grip of it now.
The government's response to our suggestions was vacuous, idle and
irrelevant," said Lord O'Neill, committee member.
The committee says a series of high-profile security breaches
have shown that the government and business need to take action to
protect the public's personal data and to reduce the impact of
e-crime.
The HMRC's loss of discs containing the personal details of 15 million
people and the loss of laptops containing details of 11,000 children by
Nottinghamshire County Teaching Primary Care Trust in March
last year have propelled the security of personal data into the
headlines. Marks & Spencer lost the details of 26,000 staff
after a laptop was stolen in May.
"We want to shake things up so we are not in this position in a
year's time," said Lord Errol.
The committee's 2007 report was an attempt to address the
growing problem of e-crime. It called for more powers for the
Information Commissioner's Office to enforce data protection in
business and the public sector, a central, automated system for
reporting e-crime, and banks to be made liable for customers'
electronic fraud losses.
But its recommendations have received a mixed response from
business.
Jeremy Beale, head of e-business at the Confederation of British
Industry, agreed the issue needs attention but said, "There are
some issues that need to be ironed out. On some of the proposals,
such as a notification of breach law and vendor liability, the
committee had not really grasped how things actually work. What we
really need is a debate."
The government dismissed the report's findings in October. "We do
not accept that the incidence of loss of personal data by companies
is on an upward path and we do not accept that the Government is
indifferent to the problem."
The committee's recommendations include:
• Establish a cross-departmental group and a classification
scheme for recording e-crime
• ISPs to be liable if they know machines on their network are
sending out infected code and fail to take action
• Vendors to be liable for damage caused by faulty code.
• Put incentives in place to persuade businesses to protect
data
• Make banks liable for losses incurred as a result of
electronic fraud
• Begin consultation on a data security breach notification
law
• Urgently examine the ICO's effectiveness in enforcing good
standards of data protection in business
• Provide high-level support to the Get Safe Online
initiative
• Raise understanding of internet and e-crime across the court
system