Jail data abusers says Culture, Media and Sport Committee report

Monday 20 Jun 2016 @ 13:10
Parliamentary Committees and Public Enquiries

The Culture, Media and Sport Committee publishes report recommending a new custodial sentence of up to two years for those convicted of unlawfully obtaining and selling personal data. It has also said the Information Commissioner's Office (ICO) should also have a robust system of escalating fines at its disposal to sanction those who fail to report, prepare for or learn from data breaches.

Inquiry background

The Committee's recent inquiry into cyber-security was triggered by a series of data breaches at Talk Talk, but the Committee has warned that the problem is significant, growing, and affects all sectors with an on-line platform or service. Ninety per cent of large organisations have reportedly experienced a security breach, and 25% of companies experience a cyber-breach at least once a month.

The public sector fares no better: the latest research from the ICO shows that the health sector has the most data breaches, followed by local government. Furthermore, not all threats to cyber security or data protection are from external actors: over 40% are caused by employees, contractors and third party suppliers, and half of these are accidental.

Company responsibility and consumer rights

The Committee also focused on strengthening consumer rights and awareness of scams, implemented and enforced by a series of new requirements and sanctions on company directors and chief executives, including:

Companies must report their cyber security and data protection strategies to the ICO
They should also include these in their annual reports, in the same way as the requirement for environmental and social reporting where material: quadruple bottom line reporting
It is appropriate for the CEO to lead a crisis response, should a major attack arise, but cyber security should sit with someone able to take full day-to-day responsibility who can be fully sanctioned if the company has not taken sufficient steps to protect itself from a cyber-attack
To ensure this issue receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security

Committee recommendations

Companies must make it much easier to verify if communications, whether online or by telephone, are genuine. The ICO’s system of sanctions should include fines for companies that fail to do this
It should be easier for victims of a data breach to claim compensation
It is not enough for companies to say they weren’t aware. Breaches are common, and all companies need to plan and test for that eventuality
Further, they need to demonstrate they have identified and addressed the weaknesses that have led to any data breaches
The vulnerability of the massive new data pools that will be created by the Investigatory Powers Bill needs to be urgently addressed by Government
Good cyber practice will need to evolve and develop: this is essential to maintain consumer confidence and Britain’s place as the top internet economy in the G20
There needs to be a step change in consumer awareness of on-line and telephone scams, and the Government should initiate a public awareness-raising campaign, on a par with its campaign to promote smoke alarm testing

Chair's comment

Jesse Norman MP, Chair of the Committee, said:

"Companies must have robust strategies and processes in place, backed by adequate resources and clear lines of accountability, to stay one step ahead in a sophisticated and rapidly evolving environment. Failure to prepare for or learn from cyber-attacks, and failure to inform and protect consumers, must draw sanctions serious enough to act as a real incentive and deterrent.

As the TalkTalk case shows, the reality is that cyber-attacks are a constant, evolving threat. TalkTalk responded quickly and well to this attack, but appear to have been much less effective in the past, failing to learn from repeated breaches of different kinds.

They should now publish as much of the PWC investigation as commercially possible without delay, and set out exactly how they will implement any necessary changes. Everyone must take the lessons from the Talk Talk breaches as a wake-up call – both in how they prepare to prevent cyber-attacks, and in how they deal with their consumers when those attacks occur."

Channel website: http://www.parliament.uk/

Share this article

Latest News from
Parliamentary Committees and Public Enquiries

MPs publish report on Government’s Holocaust Memorial proposals

26/04/2024 12:20:00

MPs today publish their report on the Government’s plans for a Holocaust Memorial and Learning Centre next to Parliament.

Freeports and investment zones governance ‘must be urgently improved’, say MPs

26/04/2024 11:20:00

A new report by the cross-party Business and Trade Committee demands the Government ‘urgently improve’ governance and transparency at freeports and investment zones.

Education Committee publishes Govt’s response to Ofsted report

25/04/2024 09:10:00

The Education Committee has published the Department for Education’s (DfE’s) response to its report on Ofsted’s work with schools.

Britain and Northern Ireland diverge on fruit packaging due to new EU proposals

23/04/2024 12:15:00

New EU fruit and vegetable rules will create further differences in how fruit is sold in Great Britain and Northern Ireland, according to the European Scrutiny Committee’s latest report.

Gambling regulation: Culture, Media and Sport Committee publishes Government response to report

22/04/2024 16:25:00

The Culture, Media and Sport Committee recently (19 April 2024) published the Government’s response to its report on gambling regulation.

Still no fines as a result of 2022 Russian sanctions breaches

19/04/2024 16:25:00

No fines for sanctions breaches have been levied as a result of the 2022 sanctions against Russia since its full-scale invasion of Ukraine, correspondence from the Foreign, Commonwealth and Development Office (FCDO) reveals.

Government rejects Committee’s calls for increased parliamentary scrutiny of treaties

18/04/2024 13:05:00

The Public Administration and Constitutional Affairs Committee (PACAC) today publishes the Government’s response to its report on scrutiny of international treaties.

New select committee proposed to provide scrutiny of highly confidential spending

15/04/2024 13:05:00

The Public Accounts Committee (PAC) today calls for the establishment of a new select committee, to consider sound financial practice and value for money in sensitive areas which are outside the remit of the statutory Intelligence and Security Committee of Parliament.

Government should learn lessons from pandemic to improve communications and counter misinformation

12/04/2024 15:05:00

Scientists working across government should be allowed and encouraged to take on a wider public facing role in the media to combat the spread of misinformation, a report from MPs says today.

WIREDGOV