Britain needs data breach notification laws

torch laptop

Data breach notification laws will make a big difference to the speed at which UK businesses put security controls like encryption in place.

So claims Kevin Bocek, director of product marketing for Thales, speaking to IT PRO at the RSA Conference in London this week.

Bocek said that data breach notification laws in countries like the US and Germany mean that data security issues now have attention at board level, because it had become a significant business issue.

Germany, for example, now has a data breach notification law that went into enforcement in September that established clear fines and penalties. In Britain there is no such law.

The Information Commissioner's Office (ICO) and the Financial Services Authority (FSA) has no clear authority to establish fines or punishments.

"I suspect you'll see other EU states follow Germany's lead," said Bocek.

Bocek said that it shouldn't be a problem for such a law to be put in place in Britain, as it had support from consumers in terms of privacy and also from a business perspective.

Once a law were put in place, Bocek believed that it would motivate businesses to put in security controls like encryption quicker than was presently being done.

"Organisations are now talking about risk management in IT and once they adopt that like we've seen in the US, businesses will move to talk about technologies like database and tape encryption," Bocek said.