
Watchdog: 'No to US-style data laws'

US-style personal data breach notification is not a workable model for the UK, the UK's information watchdog told RSA delegates.

In a keynote address, Information Commissioner Richard Thomas said: “I am not convinced by legislation that requires companies to individually warn the public if their details have been compromised. The severity and circumstances of each breach merit a different response, and mandatory notification doesn't take this into account. It would be a significant additional burden for businesses, and could cause public 'breach fatigue'.”

California introduced a compulsory notification law that has often been held up as a desirable standard in breach notification legislation. Thomas also called for CEOs and public sector bosses to shape up and take responsibility for personal data, rather than expecting IT departments to deal with the issue.

“Data protection has come in from the cold, and there is a pressing need for awareness right at the top. Permanent secretaries and CEOs must be certain that responsibility for data is clear, and they must be certain who has responsibility for each set of data”, said Thomas.

“This responsibility rests with the whole organisation, from board downwards. Information is a toxic liability if not handled correctly.”

Thomas also welcomed recent promises from the Secretary of State Jacqui Smith that proposals for a giant government database of all telecoms and internet traffic would receive a public consultation before being put before parliament. “I feel reassured that this debate is going to take place”, he said.