Data protection laws in the UK are inadequate and need reworking, according to half of respondents to a Sophos survey.
Of the 1,200 organisations that were polled, half claimed the current legislation is too lax while 87 per cent agreed companies should be forced to report on sensitive data breaches.
Far fewer, 16 per cent, showed concern about the costs of complying with current laws.
The results come not long after the UK was asked by the European Commission to show what measures it will be taking to ensure the country's laws comply with the EU's Data Protection Directive.
Furthermore, the Ministry of Justice initiated a Call for Evidence earlier this month which will ask for views on how the European Data Protection Directive and the Data Protection Act are working.
Anxieties about the state of data protection law in the UK were voiced at a roundtable event this morning hosted by Sophos and law firm Field Fisher and Waterhouse (FFW), who teamed up earlier this year to help companies with information breach and loss concerns.
Stewart Room, partner for the privacy and information law group at FFW, advocated the introduction of mandatory reporting into UK law as well as an uncapped financial penalty, rather than the 500,000 limit on the Information Commissioner's Office's (ICO) punitive powers.
"The moment you have a cap, it is the moment you lose the power of your arsenal," he suggested.
Room said if the ICO began fining companies at the top end of the cap, harsher penalties would not be available when more significant data breaches occur.
James Ford, head of the ICO's press office, explained that the body will be using its powers in a proportionate way and pointed out that the new 500,000 fining power was only initiated in April. It is yet to be seen what the body will do with its new punitive capabilities.
"In terms of self-reporting breaches, obviously the ICO and the commissioner encourage organisations that experience a security breach to come to the ICO to talk to us about that so we can help their organisation get things in order for the future," Ford said.
"The commissioner has the power to take a range of actions against organisations that experience security breaches and the reasons why he has those powers comes back to deterrent. The commissioner is not in the business of waving his big stick for the sake of it, he is in the business of making sure board rooms understand the importance of the issues we are talking about today," Ford commented.
"It is vital that all organisations, be they large or small, take data protection more seriously and we are seeing that," he added.
But Room claimed the majority of companies in the private sector do not report breaches as they are unwilling to risk being fined or have their reputation tarnished. He also pointed out that a breach of security does not always mean a law has been broken.
"Burying the bad news is the bit that we have got to tackle," the lawyer said, after calling for greater clarity in UK data protection legislation so companies understand their position better.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
