Monday, March 17, 2008

Response from the petition on data security breaches

Here is the response from the petition on notification about data security breaches:

"The Government acknowledges public concerns over recent losses of personal data in both the public and private sectors. Although the Data Protection Act 1998 (DPA 1998) does not currently require data controllers to report breaches of security which result in the loss, release or corruption of personal data, data controllers have a statutory responsibility to ensure appropriate and proportionate security of the personal data they hold. This is reflected in the 7th Principle of the DPA 1998. In October 2007, the Prime Minister asked Richard Thomas, the Information Commissioner and Dr Mark Walport, Director of the Wellcome Trust, to undertake an independent review into the way personal information is shared and protected in the public and private sectors. The review is going to consider whether there should be any changes to the way the DPA operates in the UK and the options for implementing any such changes. The review will include recommendations on the powers and sanctions available to the regulator and courts in the legislation governing data sharing and data protection. It will also make recommendations about how data sharing policy should be developed in a way that ensures proper transparency, scrutiny and accountability. The Government awaits the outcome of the review with interest and will consider any recommendation that calls for legislative changes relating to breach notifications. In the meantime, we understand that the Office of the Information Commissioner plans to publish helpful guidance to all data controllers on breach management and notification. The Prime Minister has also asked Sir Gus O'Donnell, the Cabinet Secretary, with advice from the Government's security experts, to work with Departments to ensure that all Departments and agencies check their procedures for the storage and use of data. A full report will be published in Spring 2008."

No comments: