Data Protection Laws Too Soft
The majority of UK businesses feel that data protection laws are too soft. These are the findings of a recent survey by IT security firm Sophos UK & Ireland. The research, conducted among 1200 UK-based organisations, suggests that our country's current data protection legislation is relaxed and 'needs revision'.
A main criticism of the government's stance on data exposure cases is that, at present, it is only 'encouraged', not mandatory, to report incidents to the Information Commissioner's Office (ICO). In order to find workable solutions, the government is holding public consultations until the 6th October 2010, asking for suggestions about how the situation can improve.
Despite the agreement that punishment is nowhere near severe enough, 36% of the survey participants said that they felt burdened by the extra complexity enforced by data protection laws and 30% worried about the extra costs they would have to incur as a result of having to ensure compliance. There was evidence, though, that awareness of the importance of data security had improved, with 61% of respondents saying they were very aware or mostly aware of the law's existence.
However, issues about clarity and education were identified when over half the companies interviewed were either concerned or unsure about their own compliance with the legislation.
Sophos UK & Ireland Vice-President, Ciaran Rafferty, stated, "This survey underlines the need to educate, advise and then provide practical security solutions".
In April, Sophos teamed up with legal firm Field Fisher Waterhouse to help educate companies on current legislation and advise them on how best to comply. Stewart Room, partner at Field Fisher Waterhouse, said, "Working with IT security experts at Sophos, we are advising companies on how to avoid data breach incidents, as well as help them with the aftermath and potential consequences".