AOH :: ISNQ4936.HTM

Downing St responds to silicon.com's Full Disclosure campaign




Downing St responds to silicon.com's Full Disclosure campaign
Downing St responds to silicon.com's Full Disclosure campaign



http://software.silicon.com/security/0,39024655,39169411,00.htm 

By Gemma Simpson
Silicon.com
December 2007

Organisations are to get guidance from data protection watchdog the 
Information Commissioner on notifying their customers of a security 
breach.

The plans have been revealed by the government in response to 
silicon.com's Full Disclosure campaign [1], which calls for a review of 
the data breach notification laws in the UK.

As part of the campaign silicon.com launched an online petition on the 
Downing Street website calling for the Prime Minister to improve the 
reporting of information security breaches in the public and private 
sectors. The e-petition received more than 300 signatures.

The government said the move towards data breach notification laws in 
other jurisdictions - such as seen in the US - is an "interesting 
development", but said it is not convinced this would lead to better 
protection of data.

But the response did not completely dismiss the notion of UK data breach 
legislation, and said: "The government does not discount the idea of a 
data breach law. However, it is not convinced that it would lead to an 
improvement in performance by business in regard to protecting personal 
information."

Instead of a data breach law, the written response hinted towards a 
voluntary "checklist" that will offer companies guidance on what to do 
following a data breach.

The response said: "The Information Commissioner's Office (ICO) 
acknowledges that there are occasions when notifying consumers of a 
breach of security might not be appropriate. The ICO plans to consider 
drafting some checklist guidance to organisations - similar to guidance 
that exists in Canada and New Zealand."

The UK's data protection watchdog already published new guidelines for 
individuals to better understand how and why organisations use their 
data under the current Data Protection Act in August 2007.

Downing Street's response to the silicon.com petition also said the 
government takes "the protection of personal data extremely seriously" 
and that the Data Protection Act sets out the framework for data 
protection and any enforcement action which may be taken by the 
Information Commissioner and the courts.

In November, Prime Minister Gordon Brown gave the ICO the power to 
conduct spot checks on government departments, in light of the HM 
Revenue & Customs breach which saw 25 million child benefit claimants' 
details 'lost in the post' - making it the largest UK data breach in 
history.

[1] http://www.silicon.com/publicsector/0,3800010403,39167826,00.htm 


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods