By Dan Worth
15 Jul 2010
Legal experts have called for the mandatory reporting of all data
breaches to the Information Commissioner's Office (ICO), in order to
bring more clarity to the amount of data being lost and improve efforts
to prevent breaches.

Stewart Room, a partner covering privacy and information at legal firm
Field Fisher Waterhouse, said at a roundtable event that mandatory
reporting is necessary to stop companies attempting to "bury bad news".

"Many firms we deal with often decide not to report data breaches to the
ICO as they are not obliged to report it under law, yet could suffer
retrospective punishment despite admitting the loss," he said.

"As such they take a calculated risk that it will not be discovered, and
rely on the fallback that, if they were discovered not to have disclosed
the breach, they are not actually required to anyway under current law."