ICO: UK may get data-breach notification law
The UK's privacy watchdog has said the country is a step closer to getting a law that forces organisations to reveal data breaches, thanks to draft EU legislation.
Deputy information commissioner David Smith said proposals to revise the EU's E-Privacy Directive could be the "catalyst" needed to get data-breach notification into UK law.
Amendments to the directive would require "providers of electronic services to inform users of breaches of data protection" and will be voted on by the EU later this year.
Smith said: "There is increasing pressure to bring in a law for data-breach notification."
"It looks as if breach notification may come out of the review of the E-Privacy Directive; it could be a catalyst for a law to cover all types of communications," said Smith.
But he cautioned against notification on every data breach, saying it was important that the Information Commissioner's Office (ICO) did not become swamped with "minor incidents".
Smith also told ZDNet.co.uk sister site silicon.com that the ICO was about to be given the power to carry out data-security spot checks on central government.
But he warned that the ICO appears to be more than "months away" from being able to carry out unannounced inspections on the private sector, despite such audits being commonplace in the rest of Europe.
Smith added that it was important for government departments to put in interim measures to guard against data breaches, such as carrying around the minimum amount of information, while carrying out the lengthy process of encrypting all personal data.
The Department of Health recently revealed that many NHS trusts are unlikely to complete encryption of personal data for several months.
Last month, the ICO disclosed that it has had 138 reports of data breaches since last November. However, Smith said he thought the scale of private-sector breaches was far greater than reported.
Smith told a Westminster eForum meeting on information security: "What has changed today is the scale of the information being handled and the ease with which it can be lost."