Gov't rules out data-breach notification law

Gov't rules out data-breach notification law

Summary: The government says it won't implement a data-breach notification law, but will increase fines for companies violating data-protection legislation

TOPICS: Networking

The UK government has announced that it will not be implementing a data-breach notification law.

Following a recommendation by information commissioner Richard Thomas in July, the government announced in a report on Tuesday that it will not introduce a compulsory data-breach notification law for private-sector organisations.

"After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US," states the Response to the Data Sharing Review Report.

It is already mandatory for public-sector organisations to report any significant actual or potential losses of data to the Information Commissioner's Office (ICO). Private-sector organisations should report data breaches "as a matter of good practice", states the report, and the ICO should take into account of any lack of reporting by a private-sector organisation in its enforcement action.

Fines for companies that are found in breach of data-protection laws are to be raised, states the report. The Ministry of Justice is working with the ICO to determine the level of the maximum fine.

Merlin, Earl of Erroll, told ZDNet UK on Wednesday that a data-breach notification law would have both advantages and disadvantages.

"It's like the curate's egg — good in parts," said Errol. "Notification is inherently a good idea because it allows the government to get a handle on the scale of the problem. The danger is that it opens up opportunities for phishing, as people send out letters saying: 'Your details have been compromised, please confirm your data.'"

Errol said that the government should reconsider mandatory data-breach notification, and added that the European Parliament was also considering a data-breach law.

"Europe is looking at it hard and, if they bring in a law, then the government will have no choice but to accept," Erroll said.

Topic: Networking

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion