This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.


The Government provided evidence to the Committee that recognised that the move towards breach notification laws in other jurisdictions was an interesting development. We are, however, clearly not so convinced as the Committee that this would immediately lead to an improvement in performance by business in regard to protecting personal information and we do not see that it would have any significant impact on other elements of personal internet safety. The experience in the United States has yet to be fully analysed but there is a strong body of opinion that doubts whether there has been significant differences to corporate behaviour and may, in fact, have desensitised consumers to security issues and undermined confidence in the internet as a business medium. It has to be remembered that the US does not have the same legal framework in respect of privacy and the state laws on data breach have been an attempt to provide market incentives as an alternative to imposing such a framework. We will continue to observe the US experience and consider whether we need to find more formal ways of ensuring that companies do - as a matter of routine contact the Office of the Information Commissioner when problems arise. This enables a proportionate response to be taken and ICO acknowledge that there are occasions when notifying consumers of a breach of security might not be appropriate. Such discussions also enable a discussion to take place about precautions taken and how they might be improved.

Email this to a friend.
Previous itemNext item.


(You must give a valid email address, but it will not be displayed to the public.)

We only allow the following html tags em strong blockquote p br. After posting, there may be a short delay before your comment appears on the site