Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Credant supports US declaration law for UK implementation.

Credant Technologies : 29 November, 2007  (Technical Article)
In the wake of the HMRC data loss, Richard Stone of Credant Technologies explains why he supports the introduction to disclosure laws similar to those which operate in America.
The theft of CDs containing the personal information of 25 million UK citizens has rightly caused an out-pouring of "Shame on you" on HMRC and prompted questions like "How could you let this happen?" The real question that the British people should be asking though is this: "Who else has lost my data that I haven't been told about?"

Companies of all sizes, including local & national government, hold huge amounts of very private information on virtually every individual in the UK, yet amazingly, there are no laws to force them to either protect that information (such as by encrypting the data), or to tell you if your un-encrypted information gets lost or stolen. Make no mistake about this: Ever since the first credit card number was put on the first laptop computer or CD, companies have been losing your information and just simply not telling you. There's a sad fact of economic life here: It's cheaper for a company to say nothing and do nothing if they lose Joe Public's private information, rather than to do the right thing -- ensure that all the data is encrypted, or telling consumers if there's a risk that their private data could have got into the wrong hands.

The situation in the US today is very different: Following on from some very high-profile data thefts, many States have now enacted so-called "Data Breach Notification" legislation.

Put simply, this legislation says "If you lose customers' Personal Identifiable Information (Social Security numbers, credit card numbers, driving licence numbers, etc) and it wasn't encrypted, then you must notify everyone who's likely to be affected. Many States have also included additional consumer protection, such as one year's free credit monitoring services to protect against possible identity theft. The US Federal Government - immune from State legislation -- has also mandated strict data security standards for itself. Following an incident similar to the HMRC in mid-2006, President Bush issued a mandate that all government departments must implement data encryption - no exceptions.

The net effect of US legislation has been to change the economic balance of data security: Now, it's cheaper to implement a good data security solution (ie encrypt the data) than to bear the cost of a data breach notification. The figures speak for themselves: When items such as credit monitoring are added in, it's estimated that the average cost of a breach notification following the loss of un-encrypted data is in the region of $90-$140 per customer record.

So, if the loss involved 100,000 customers, this will typically cost a company on average about $11.6M. What's the cost of a good data security solution to avoid this in the first place? Much, much less than that!

US legislation hasn't stopped data theft, any more than burglaries have been stopped by property laws. What it has done is to provide insurance for affected consumers by forcing companies and the government to either protect consumers' data, or come clean when they lose it so consumers can get the protection they deserve. It has also put the spotlight on companies who fail to protect consumers', as these breaches are now tracked by a number of public web sites.

The UK government must follow the US' lead. They must enact legislation to protect consumers against the horrors of data theft and the subsequent risk of identity theft. If nothing else comes out of the HMRC incident, then just let this be a lesson learned the hard way!
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo