Lords presses UK government to introduce bank data security law

The UK's House of Lords is calling on the government to introduce new laws requiring financial services firms and online retailers to notify the public of any data security breaches.

Reporting on its inquiry into personal Internet security, the House of Lords science and technology committee has slammed what it calls the "laissez-faire attitude" towards Internet security displayed by a number of groups, including the government, ISPs and hardware and software vendors.

This attitude contributes to a "wild west" culture where the end user alone is responsible for ensuring they are protected from online attacks, says Lord Broers, chairman of the committee.

"At the moment it seems that the Internet is increasingly perceived as a sort of 'wild west', outside the law," adds Broers. "People are said to fear e-crime more than mugging. That needs to change, or else confidence in the Internet could be destroyed."

The report says the government's insistence that individuals are responsible for their online security is "inefficient and unrealistic".

"You can't just rely on individuals to take responsibility for their own security. They will always be out-foxed by the bad guys," argues Broers.

He says many of the organisations profiting from Internet services now need to take their share of the responsibility, including banks, Internet traders, the IT industry, software vendors and ISPs.

The committee has put forward a number of measures following the inquiry, including the establishment of a data security breach notification law. This would provide an incentive to banks and other companies trading online to improve their data security, says the Lords. The committee has also called for implementation of measures that would establish legal liability for damage resulting from security flaws.

The government should also review "as a matter of urgency" a decision to require online frauds to be reported to banks rather than the police in the first instance. Victims of e-crime should have acknowledgment from law enforcement bodies that a serious crime has taken place, says the committee.

Other recommendations include increasing resources available to the police and criminal justice system to catch and prosecute e-criminals. This follows on from claims made by Microsoft and members of the open source community that police in the UK lack the skills and expertise to deal effectively with cases of cyber crime.

Other measures include the establishment of a centralised and automated system, administered by the police, for the reporting of Internet crime and the introduction of a security "kite mark" for Internet services.

"You can't legislate for better Internet security. But the government can put in place incentives for the private sector to up their game. And they can invest in better data protection and law enforcement," says Broers.
