Laws are imminent that require companies to warn customers that their personal details may have been leaked. The question is whether governments will hold themselves to the same standards.
This was the consensus of a panel discussion on data breach notification laws for Europe at the RSA Europe 2007 conference.
The panel noted that the European Commission has proposed that internet service providers and telecommunications network operators be required to inform their customers if their data was leaked.
Christopher Kuner of law firm Hunton & Williams noted that these were not the worst offenders; indeed, governments were more likely to mislay personal information than the private sector, which had both a legal requirement and a competitive reason to protect it. "There are not the same commercial pressures on government agencies," he said.
Panelists agreed that government and business should operate under the same law. Marc Rotenberg of the Electronic Privacy Information Center noted that most existing law exempted government. David Smith, the UK's deputy information commissioner, said any such law should be simple, easy to understand and apply, and easy to regulate.
Jim Lewis of the Center for Strategic and International Studies said it could be that the industry is in a transition phase, from a time when privacy was sacrosanct to a more relaxed regime. "Our attitudes are changing," he said, citing the plethora of personal information that can be gleaned from social networking sites, about which few of their users appear to have qualms.