By Gemma Simpson
Organisations are to get guidance from data protection watchdog the
Information Commissioner on notifying their customers of a security
The plans have been revealed by the government in response to
silicon.com's Full Disclosure campaign, which calls for a review of
the data breach notification laws in the UK.
As part of the campaign silicon.com launched an online petition on the
Downing Street website calling for the Prime Minister to improve the
reporting of information security breaches in the public and private
sectors. The e-petition received more than 300 signatures.
The government said the move towards data breach notification laws in
other jurisdictions - such as seen in the US - is an "interesting
development", but said it is not convinced this would lead to better
protection of data.
But the response did not completely dismiss the notion of UK data breach
legislation, and said: "The government does not discount the idea of a
data breach law. However, it is not convinced that it would lead to an
improvement in performance by business in regard to protecting personal
Instead of a data breach law, the written response hinted towards a
voluntary "checklist" that will offer companies guidance on what to do
following a data breach.
The response said: "The Information Commissioner's Office (ICO)
acknowledges that there are occasions when notifying consumers of a
breach of security might not be appropriate. The ICO plans to consider
drafting some checklist guidance to organisations - similar to guidance
that exists in Canada and New Zealand."
The UK's data protection watchdog already published new guidelines in
August 2007 to help individuals better understand how and why
organisations use their data under the current Data Protection Act.
Downing Street's response to the silicon.com petition also said the
government takes "the protection of personal data extremely seriously"
and that the Data Protection Act sets out the framework for data
protection and any enforcement action which may be taken by the
Information Commissioner and the courts.
In November, Prime Minister Gordon Brown gave the ICO the power to
conduct spot checks on government departments, in light of the HM
Revenue & Customs breach which saw 25 million child benefit claimants'
details 'lost in the post' - making it the largest UK data breach in