BreachExchange mailing list archives
Pressure grows for UK data loss disclosure
From: security curmudgeon <jericho () attrition org>
Date: Mon, 19 Mar 2007 13:49:22 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://software.silicon.com/security/0,39024655,39166396,00.htm By Will Sturgeon 16 March 2007 The UK is in desperate need of revisions to laws that govern the disclosure of information relating to data loss or theft, according to security experts. Currently UK organisations that lose sensitive customer or employee data, or expose it to others, do not have to disclose details of the breach - even to those affected. Now, in the wake of recent data losses, security experts have called on UK legislators to bring laws in line with US law SB 1386, which was introduced in California in 2003 and has spread to 34 states, requiring full disclosure. Martin Carmichael, CSO at McAfee, told silicon.com: "I think companies should be accountable. Accountability is a vital part of security and if a company has a data breach I think they should be prepared to talk about it. "I am surprised the UK doesn't have anything in place like SB 1386." [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 158 million compromised records in 601 incidents over 7 years.
Current thread:
- Pressure grows for UK data loss disclosure security curmudgeon (Mar 19)