[Dataloss] Pressure grows for UK data loss disclosure
security curmudgeon
jericho at attrition.org
Mon Mar 19 13:49:22 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://software.silicon.com/security/0,39024655,39166396,00.htm
By Will Sturgeon
16 March 2007
The UK is in desperate need of revisions to laws that govern the
disclosure of information relating to data loss or theft, according to
security experts.

Currently UK organisations that lose sensitive customer or employee data,
or expose it to others, do not have to disclose details of the breach -
even to those affected.

Now, in the wake of recent data losses, security experts have called on UK
legislators to bring laws in line with US law SB 1386, which was
introduced in California in 2003 and has spread to 34 states, requiring
full disclosure.

Martin Carmichael, CSO at McAfee, told silicon.com: "I think companies
should be accountable. Accountability is a vital part of security and if a
company has a data breach I think they should be prepared to talk about
it.

"I am surprised the UK doesn't have anything in place like SB 1386."
[..]