
Legal experts hold a common view on the reporting of incidents involving data breaches. They believe that data breaches should be reported to the Information Commissioner’s Office (ICO) so that there is complete clarity about the amount of data being lost. Reporting would also enable and improve efforts to prevent breaches.
In fact, this pressure is in line with the recent data protection survey conducted by Sophos. Of the 1,200 organisations surveyed, around 50% believe the current legislation is too weak, whereas 87 per cent say yes to the reporting of sensitive data breach incidents.
A security roundtable conference was held recently. On that occasion, Stewart Room, a partner with legal firm Field Fisher Waterhouse, emphasized mandatory reporting so that organizations cannot avoid reporting incidents involving data breaches and losses.
Stewart Room added, “Many firms we deal with often decide not to report data breaches to the ICO as they are not obliged to report it under law, yet could suffer retrospective punishment despite admitting the loss”. “As such they take a calculated risk that it will not be discovered, and rely on the fallback that, if they were discovered not to have disclosed the breach, they are not actually required to anyway under current law.”
Another limitation pointed out by Room is the current limit on fines, which stands at a maximum of £500,000. According to him, it doesn’t make sense to have a specific limit; it would be more logical to have an uncapped fine, which would be far more stringent.
It is believed that mandatory reporting will be introduced for all ISPs and telecom companies from May 2011 onwards.
Kasey Chappelle, counsel at Vodafone, mentioned that they currently report any serious losses to the ICO and also keep customers informed of the smaller losses.
At the outset, the need is to educate citizens and organizations about protecting their data. Imposing these monetary fines is a step in that direction.
Experts such as Jackie Groves share this view. “People at an executive level need to be better educated about why it is vital to manage data. Often middle management do not get the support they need from those at the top to ensure that data is correctly managed,” she said.
There has been rising pressure from the European Commission on the Ministry of Justice to provide more powers to the ICO to emphasize the importance of data protection.
Get laptop encryption now!
While huge sums are spent on protecting internal networks from hackers, employees are walking out the front door with laptops that not only have vast quantities of data stored on them, but also have applications connecting to internal networks and protected websites.
80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop encryption installed, none of the information or credentials would have been lost. Try Alertsec Express now.




Fascinating article with a number of useful pieces of advice. Thank you very much, I’ll begin examining your blog.