16 Nov 2007
UK Information Commissioner Richard Thomas has argued for much tighter data protection laws in Britain, insisting that those who lose data should end up in court.
Thomas told the Lords Constitution Committee that those who knowingly or recklessly flout data protection rules should be prosecuted and fined up to £5,000.
"If a doctor or hospital [employee] leaves a laptop containing patient records in his car and it is stolen, it is hard to see that as anything but gross negligence," Thomas told the Lords.
"The Commission can currently issue enforcement notices, but these do not impose any element of punishment for wrongdoing."
Thomas suggested that one-off cases should not be prosecuted, but that systematic abuse needs greater censure.
He also proposed that companies should be inspected for data security without warning, rather than under the current system, which relies on consent.
Jamie Cowper, director of European marketing at PGP Corporation, said: "Given the recent spate of data breaches at NHS trusts, perhaps Thomas's approach is the only way to get the medical establishment to take this problem seriously.
"However, by placing the emphasis on protecting the device (specifically laptops) rather than the confidential data itself, he could be accused of treating the symptoms rather than providing a cure.
"It is not fair to expect doctors to be data security experts. The NHS should respond to the proposed legislation with a programme of data security education and a systematic roll-out of data protection technology such as encryption."
Increasing use of mobile devices by government and industry is creating a major problem with data leakage. A recent survey of local councils found that barely half use data encryption, even though over a third had lost a laptop.
Data security is not the only issue here
While we are all aware that this type of negligence is creating avenues for fraudsters to commit ID theft and other related crimes, it is also negatively affecting the customer's experience of a particular organisation. Although individual employees do have a responsibility in protecting customer information, there needs to be an organisational culture in place that recognises the importance of not only safeguarding this information, but ensuring that it is being used appropriately. Laptops being lost isn't the only problem here. Too often we are seeing customer data being mistreated by organisations which are storing and using the same customer data in multiple databases, so one department is not aware of what the other is doing with that information. This can easily lead to customer contact being duplicated, for example, multiple sales calls to the same customer on the same day, negatively impacting on the customer's experience. While security is paramount when dealing with customer data, how an organisation is using that information is also important.
Posted by: David Arrowsmith, SAS UK 16 Nov 2007