UK Considers Data Breach Notification Law
A member of the House of Lords committee, Lord Harris of Haringey, has restated his support for a data breach notification law and for its recommendation by the Science and Technology Committee.
Lord Harris believes businesses should be more security conscious and that, in some cases, the financial penalties of data breaches are not strong enough.
A data-breach notification law would “concentrate the minds” of companies holding data, because loss of data would have an impact on that organisation’s reputation, said Harris. He added that all board-level executives should be legally liable for data loss.
The Met’s Special Crime Unit has concerns over the creation of any data breach law, as there is currently no structure in place to deal with policing data breach notification. They caution that the response be proportionate to the size of the company or issue.
David Evans, senior guidance manager at the ICO, said:
“If we’re allowing businesses to have self-control, we should expect openness and transparency. If their security measures aren’t adequate, they should be expected to cough that up. However, if the reputational risk [of disclosure] is bigger than the risk of not disclosing data loss, then companies may decide not to notify.”
The law is still in early planning stages.
Via ZDNet UK