Security professionals back a European directive which requires companies to inform customers and regulators of data security breaches.
The European Commission is expected to pass such a directive this year, although it may take years for the UK to adopt it into law.
This means that, when it comes to data breach disclosure, consumers here will have less protection than consumers in a growing number of US states already have.
A survey by database security firm Secerno shows that 77% of IT security professionals back a UK data breach disclosure law. A recent Ipsos MORI poll found that 82% of UK consumers expect to be notified immediately if there has been a security breach.
The Secerno survey also found that, of those in favour of such a law, 49% believe that companies should be forced to disclose a data breach immediately, rather than delaying the announcement.
Paul Davie, founder of Secerno, said, "A situation that mirrors the infamous TJX breach in the US may already have happened in Europe, but companies operating in this region are not legally obliged to notify their customers - which only erodes public confidence."
Davie said, "Many businesses make the mistake of believing data security to be just an IT issue, when it's evidently more important than that - it's a business issue that needs managing from the board level."
Secerno is calling on UK firms to voluntarily disclose data breaches, ahead of any legislation.