Print
Discuss
Send to friend
RSS feedsPublic demand for EU or UK legislation mandating the disclosure of data breaches is growing, according to recent research by Symantec and Ipsos Mori.
The results showed that 96 per cent of the general public would want to be notified in the event of their personal details being lost or stolen.
The loss of bank account details topped the list for notification at 85 per cent, followed by passport number at 52 per cent.
"The survey shows that the resounding majority of the general public would want to be told if their personal details were lost," said Richard Archdeacon, director of global security at Symantec.
"This adds weight to the current debate for the introduction of an appropriate law on notification. But, by addressing the issue of data loss in the first place, prevention is a greater asset than notification."
However, research by content security firm Clearswift suggests that nine out of 10 UK IT managers believe that the general public should not be informed if a data breach occurs, and 61 per cent do not even think that the police should be informed.
Surprisingly, 60 per cent of the UK respondents to Clearswift's poll were unaware of the possible introduction of data breach notification legislation. When informed, half were in favour of such legislation being implemented.
"Given the recent debate around possible data breach legislation, it is surprising to see the lack of awareness on the subject," said Stephen Millard, vice president of strategy at Clearswift.
"This research shows that, when faced with the prospect of having to air some dirty laundry in public, companies are not confident that they will emerge in a positive light.
"This demonstrates the necessity of having appropriate measures in place to protect and secure sensitive information, and for the IT community to accept responsibility for the information they manage."
Symantec's latest Internet Security Threat Report found that one in four data breaches occurs within government departments.
"Most data breaches are accidental but, irrespective if they are malicious or not, the lost of personal data can have a huge negative impact on an organisation's reputation," said Archdeacon.
"Data breach notification legislation would be an important step to increase data security and ensure that organisations are aware of their requirements and obligations."
The majority of those polled by Clearswift said they have some kind of security measure in place to protect against data loss.
Of those without security measures, 30 per cent said this was because they trust their employees and 20 per cent because of budget restrictions.
See also:
Insider threats taken to the top of security agendas 29 May 2008
Information Commissioner's Office gets tough 12 May 2008
All Software Licensing & Piracy Tags: Data-breach, Legislation, Government, Security, Strategy
del.icio.us
Digg this
reddit!
