
Lords committee to re-open inquiry into data security

An influential House of Lords committee is to re-open an inquiry into e-crime and the security of personal data on the internet after members of the committee branded the government's reactions to its recommendations as "vacuous, idle and irrelevant".

In a controversial report in August, the Lords Science and Technology Committee called for new laws to require businesses to encrypt personal data, report security breaches to their customers and make suppliers liable for damage caused by flaws in their software.

But members said the government's "complacent" attitude to its recommendations, coupled with the recent string of high-profile data breaches, meant they had no choice but to call civil servants back for questioning. They plan to grill civil servants on their "inadequate" response and are threatening to summon ministers to answer questions.

"IT communication and business is going to be at the heart of commerce for decades to come. We have got to get a grip of it now. The government's response to our suggestions was vacuous, idle and irrelevant," said Lord O'Neill, committee member.

The committee says a series of high-profile security breaches has shown that the government and business need to take action to protect the public's personal data and to reduce the impact of e-crime.

The HMRC's loss of discs containing the personal details of 15 million people and the loss of laptops containing details of 11,000 children by Nottinghamshire County Teaching Primary Care Trust in March last year have propelled the security of personal data into the headlines. Marks & Spencer lost the details of 26,000 staff after a laptop was stolen in May.

"We want to shake things up so we are not in this position in a year's time," said Lord Errol.

The committee's 2007 report was an attempt to address the growing problem of e-crime. It called for more powers for the Information Commissioner's Office to enforce data protection in business and the public sector, a central, automated system for reporting e-crime, and banks to be made liable for customers' electronic fraud losses.

But its recommendations have received a mixed response from business.

Jeremy Beale, head of e-business at the Confederation of British Industry, agreed the issue needs attention but said, "There are some issues that need to be ironed out. On some of the proposals, such as a notification of breach law and vendor liability, the committee had not really grasped how things actually work. What we really need is a debate."

The government dismissed the report's findings in October. "We do not accept that the incidence of loss of personal data by companies is on an upward path and we do not accept that the Government is indifferent to the problem."

The committee's recommendations include:

• Establish a cross-departmental group and a classification scheme for recording e-crime

• ISPs to be liable if they know machines on their network are sending out infected code and fail to take action

• Vendors to be liable for damage caused by faulty code

• Put incentives in place to persuade businesses to protect data

• Make banks liable for losses incurred as a result of electronic fraud

• Begin consultation on a data security breach notification law

• Urgently examine the ICO's effectiveness in enforcing good standards of data protection in business

• Provide high-level support to the Get Safe Online initiative

• Raise understanding of internet and e-crime across the court system

