Security chief: Data-breach laws must be fair

When a breach occurs, blame should be attributed according to the situation, says a security company chief

Any UK data-breach legislation must not single out businesses or consumers but be fair to both, according to a security company chief.

Phillip Dunkelberger, president and chief executive of data-encryption company PGP, said any UK legislation on data-breach notification "needs to be fair to both businesses and consumers" because each situation is different and blame needs to be attributed accordingly.

Dunkelberger said if a company is careful with our information but consumers are not, then it is an "obvious choice" about who to blame if a breach occurs — and vice versa for careful consumers and businesses that fail to protect data adequately.

He added data breaches are a "serious business", damaging consumers and also causing brand damage, so businesses need to be given some leeway to deal with such situations and re-evaluate how they use data.

Dunkelberger said data breaches may still continue to happen in those US states with notification legislation — but the laws have raised awareness and made it easier for victims of data breaches to understand what action they need to take.

California's data-breach law has also forced companies to take data security seriously — and has given consumers the tools to protect themselves against fraud.

Dunkelberger added: "It's not just legislation, all forms of security have to become simpler and easier to use to encourage consumers and businesses to up their security efforts and prevent data breaches."