Computer Weekly Editor's Blog

May 6 2011   10:58AM GMT

Prepare now – mandatory data breach disclosure is on its way

Bryan Glick

Tags:
Cyber security
Data breach
Data protection
Hackers
Information security
IT security
Security
Sony

We have Sony to thank for raising the bar of the world’s biggest data breaches – with some 100 million people potentially affected by the hack on its Playstation Network. That goes quite a way to beat the UK’s previous best – the notorious lost HM Revenue & Customs CDs containing the details of 25 million child benefit records.

There’s been a bit of a flood of incidents lately – Play.com, Lush, RSA among them – which can only suggest that years of education and learning on risk management and protecting networks have not been entirely successful. In many cases, the hacks have not been especially sophisticated, but they have been determined and well targeted. There will never be a better security strategy than vigilance.

At a recent Computer Weekly event, IT security expert Peter Sommer, a visiting professor at the London School of Economics, highlighted the simple truth that cyber attacks will happen, no matter what. His blunt advice was to assume you will be hit – and that the most important part of IT security should be contingency planning.

Be prepared, as Boy Scouts would say, and have plans in place for how to deal with a cyber attack when it happens. This has been a particular weakness for Sony, whose slow response to the data breach and poor customer communication in the aftermath have been widely criticised.

But before long it is likely to be about more than just good planning, as IT leaders will also need to be prepared for the day, coming soon, when mandatory data breach notification becomes law for all. This month, the European Union introduces data breach disclosure laws for telecoms companies and ISPs – and even if the new legislation only affects those sectors now, its very existence is a sign of the EU’s direction of travel in information security regulation.

Lawyers fully expect the laws to be extended to cover more and more organisations – so now is the time to prepare.
