Data security is now an inherently political subject matter.
Delivering a keynote speech at the (ISC)2 conference on 'protecting your data', Stewart Room, partner of Field Fisher Waterhouse, claimed that data security law is seen by parliament as being of utmost importance in their mind.
He said that lawmakers have been building a new legal framework since before a benchmark was made by California in 2003, and before then it revolved around implied security in the context of privacy laws. In 1973 it was about express recognition of data security, leading up to the law that was passed in 2003.
Calling this the third cycle of security, Room said that the significance of it was it being within the new lawmaking and the trajectory was absolutely clear – it was towards more disputes and litigation.
Room said: “In 2003, that was the year that California passed the first bespoke data breach law, the law that requires organisations to come clean on security breaches and data loss. Being tough on security is good and being weak is bad, and that is a place that you do not want to go when people are voting you in.”
This, he claimed, was a first step towards data security being recognised by governments, but said that the political dynamic has fuelled this, and 'without a political dynamic we would not be where we are today'.
With regard to UK law, he claimed that the current data protection act effectively 'leaves us scratching our heads and figuring out what the rules should be', which was not suitable for this day and age.
Talking about the impact on the UK government, he said that the impact of HMRC led to the last months of the Blair Government falling behind the Conservatives in opinion polls, before a rise again following the start of the Brown administration.
Room said: “In the summer of 2007, people were saying Gordon Brown could do no wrong, he could walk on water, but when HMRC occurred that was the moment the opinion polls flipped again, and that was the moment that history will recognise that the Brown Government fell behind the Tories.
“It was not the economic crisis, it was not the credit crunch, it was data security that marked the beginning of the rot.”