3 March 2008
by Billy MacInnes
The government should raise the bar on data security by introducing legislation to force full disclosure of data breaches, according to a security expert.
Paul Davie, founder of data security specialist Secerno, said this would prevent companies from taking unnecessary risks with customers’ personal details.
Davie called for a stronger focus on disclosure as he criticised the government for not being transparent and open about the risks associated with the ContactPoint database. The database contains personally identifiable data on children, including their GP, school and parents’ contact information, and will be accessed by over 300,000 people.
He admitted the government was taking "perfectly reasonable steps to consolidate data" but raised questions over what measures it had in place to address the risk of authorised users misusing the data.
"How do you know all of the 300,000 users are doing what they should do with the data?" Davie asked. He claimed technology already existed to monitor system users’ behaviour, and that it could be applied to the ContactPoint database.
Similar issues apply to commercial companies because customers are unable to tell how their data is being stored and used. It is up to people to ensure the government puts pressure on businesses to take "the appropriate steps" to protect customer data, said Davie.
"The penalties need to be significant for private companies that are not taking the appropriate steps," he argued.
One vendor said resellers hoping to use data leaks as a sales pitch had found customers confused about exactly what they needed to do to protect themselves against such leaks.