Governments need tougher data loss laws

15 Jan 2008

Governments need to bring in tougher laws to make companies realise the responsibility of handling personal data isn’t an option, it’s a necessity, a leading security expert claims.

Chris Mayers, chief security architect at software player Citrix, cited the recent security breach at the UK Inland Revenue, where a number of CDs containing private information belonging to 25 million child welfare recipients went missing in the post.

“Given the severity of recent data breaches the time for talking is most definitely over,” Mayers said.

“Any new laws should be rigorous enough to deter companies from the very failures we have seen at the Inland Revenue and other organisations over the past 12 months.

“The issue really has become that serious, and it is the Government’s job to uphold public confidence in data handling. To give these laws teeth, more resources are also needed for investigations, and for enforcing the existing legislation.”

Mayers said similar measures have proven successful in the US since they were introduced in California in 2003.

“Companies there not only fear the public backlash upon being named and shamed but also face the very real threat of criminal prosecution if they fail to disclose a breach.

“That fear has forced many US companies to check and double-check all the processes they have in place when handling sensitive information. Sadly, a similar level of diligence is severely lacking in Ireland and the UK.

“Failure to disclose a breach can increase the window of opportunity for fraudsters who obtain personal data. Companies who suffer breaches must be compelled to notify potential victims,” Mayers added.

By John Kennedy