[ISN] ICO faces calls for mandatory data breach reporting

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Jul 2010 00:45:27 -0500 (CDT)
http://www.v3.co.uk/v3/news/2266549/breach-reporting-should

By Dan Worth
V3.co.uk
15 Jul 2010

Legal experts have called for the mandatory reporting of all data 
breaches to the Information Commissioner's Office (ICO), in order to 
bring more clarity to the amount of data being lost and improve efforts 
to prevent breaches.

Stewart Room, a partner covering privacy and information at legal firm 
Field Fisher Waterhouse, said at a roundtable event that mandatory 
reporting is necessary to stop companies attempting to "bury bad news".

"Many firms we deal with often decide not to report data breaches to the 
ICO as they are not obliged to report it under law, yet could suffer 
retrospective punishment despite admitting the loss," he said.

"As such they take a calculated risk that it will not be discovered, and 
rely on the fallback that, if they were discovered not to have disclosed 
the breach, they are not actually required to anyway under current law."

[...]


Received on Thu Jul 15 2010 - 22:45:27 PDT