New UK legislation and regulation are making boards wake up to the importance of keeping data secure, says information security professionals organisation (ISC)².
Privacy and information lawyer Stewart Room highlighted the imminent new powers of the Information Commissioner's Office (ICO) at an (ISC)² SecureLondon seminar.
"Fines up to £500,000 for serious data breaches from 6 April are making executives sit up and take notice," said John Colley, EMEA managing director at (ISC)².
The ICO's increased enforcement powers and the broadening of legislation to cover all confidential data, not just personal data, will help increase the importance of information security in many boardrooms, he told Computer Weekly.
"In the light of the coming changes, every information security professional should make sure they have compliant policies and documentation in place," said Colley.
The changes in legislation not only increase the importance of legal and regulatory compliance, but also increase the risk of civil litigation, he said.
"The new laws open up the possibility of people affected by data breaches suing for damage and distress, which could cost companies more than £500,000," said Colley.
The good news is that all this will put information security more firmly on the board agenda, but it will also increase demands on information security professionals.
"They will have to do a lot more to prove they are doing a good job, which will demand communication and negotiation skills not normally associated with information security professionals," said Colley.
Another important change in the past year is the increasing importance of social networking and other user-generated content in the business context, he said.
"Web 2.0 is here to stay and information security professionals need to find ways of enabling people within the business to use these tools in a secure way," said Colley.