Security threats Toolkit

Companies urged to tell customers of data breaches

Published: 17 Jul 2007 14:31 BST

UK companies should warn customers if their personal data has been put at risk, according to the National Consumer Council.

Speaking at a Westminster eForum event, Anna Fielder, a policy consultant with the National Consumer Council (NCC), said UK companies should produce security-breach notifications, which inform an individual if their data has been compromised.

Fielder added consumers should also have the power to freeze their own credit ratings when needed, to help prevent identity fraud.

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

But not all the eForum panellists agreed with the introduction of breach notifications. Gillian Key-Vice, director of regulatory affairs with credit company Experian, said that, if a breach has been managed properly, there is no need for such notifications because they would cause "unnecessary concern" among the public.

More than four-fifths of UK consumers think companies that suffer data security breaches should let their customers know, according to a recent survey.

Also speaking at the Big Brother Britain? ID cards, surveillance and data security seminar, Jonathan Bamford, assistant commissioner for the Information Commissioner's Office, said that such notifications need to be kept in perspective and decisions to inform individuals should be made on a case-by-case basis.

Bamford added it would be counter-intuitive for a company to stop or slow down its efforts to overcome a security breach in order to send out emails informing its customers about that breach in the first place.

The UK's information commissioner called on chief executives to take the security of customer and staff information more seriously in a recent report.