Security chief: Data-breach laws must be fair

When a breach occurs, blame should be attributed according to the situation, says a security company chief
Written by Gemma Simpson, Contributor

Any UK data-breach legislation must not single out businesses or consumers but be fair to both, according to a security company chief.

Phillip Dunkelberger, president and chief executive of data-encryption company PGP, said any UK legislation on data-breach notification "needs to be fair to both businesses and consumers" because each situation is different and blame needs to be attributed accordingly.

Dunkelberger said if a company is careful with our information but consumers are not, then it is an "obvious choice" about who to blame if a breach occurs — and vice versa for careful consumers and businesses that fail to protect data adequately.

He added data breaches are a "serious business", damaging consumers and also causing brand damage, so businesses need to be given some leeway to deal with such situations and re-evaluate how they use data.

Dunkelberger said data breaches may still continue to happen in those US states with notification legislation — but the laws have raised awareness and made it easier for victims of data breaches to understand what action they need to take.

California's data-breach law has also forced companies to take data security seriously — and has given consumers the tools to protect themselves against fraud.

Dunkelberger added: "It's not just legislation, all forms of security have to become simpler and easier to use to encourage consumers and businesses to up their security efforts and prevent data breaches."

Editorial standards