David Litchfield's Weblog


10/28/2007: "UK Data Security Breach Notification law put on ice?"


According to the Government's response to the Personal Internet Security report, they don't believe a UK Data Security Breach Notification law is justified right now:

"11. We further believe that a data security breach notification law would be
among the most important advances that the United Kingdom could make in
promoting personal internet security. We recommend that the Government,
without waiting for action at European Commission level, accept the principle
of such a law and begin consultation on its scope as a matter of urgency.


The Government provided evidence to the Committee that recognised that the move
towards breach notification laws in other jurisdictions was an interesting
development. We are, however, clearly not so convinced as the Committee that this
would immediately lead to an improvement in performance by business in regard to
protecting personal information and we do not see that it would have any significant
impact on other elements of personal internet safety. The experience in the United
States has yet to be fully analysed but there is a strong body of opinion that doubts
whether there has been significant differences to corporate behaviour and may, in
fact, have desensitised consumers to security issues and undermined confidence in
the internet as a business medium."