BreachExchange mailing list archives

Pressure grows for UK data loss disclosure


From: security curmudgeon <jericho () attrition org>
Date: Mon, 19 Mar 2007 13:49:22 +0000 (UTC)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://software.silicon.com/security/0,39024655,39166396,00.htm

By Will Sturgeon
16 March 2007

The UK is in desperate need of revisions to laws that govern the 
disclosure of information relating to data loss or theft, according to 
security experts.

Currently UK organisations that lose sensitive customer or employee data, 
or expose it to others, do not have to disclose details of the breach - 
even to those affected.

Now, in the wake of recent data losses, security experts have called on UK 
legislators to bring laws in line with US law SB 1386, which was 
introduced in California in 2003 and has spread to 34 states, requiring 
full disclosure.

Martin Carmichael, CSO at McAfee, told silicon.com: "I think companies 
should be accountable. Accountability is a vital part of security and if a 
company has a data breach I think they should be prepared to talk about 
it.

"I am surprised the UK doesn't have anything in place like SB 1386."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 158 million compromised records in 601 incidents over 7 years.

