New book warns data breaches present major threat to critical infrastructure and that regulation is failing
24 November 2009
A new guide to data security written by a leading lawyer in the
field warns there is a real danger of a collapse of critical
infrastructure as a result of a data security breach. Author
Stewart Room is a partner in the Privacy and Information Group at
law firm Field Fisher Waterhouse and President of the National
Association of Data Protection Officers. Whilst researching
the book he uncovered a major lack of confidence in current data
security regulation with a substantial deficit between the
regulatory powers needed to prevent serious breaches and those
that have been granted.
The Information Commissioner’s Office (ICO) has seen 424
organisations report data security breaches in the past 12 months
compared to 277 the year before. This is a growing problem;
however, so far most serious data losses have resulted from either
mishandling or negligence within the affected organisations, and
the consequences have therefore been relatively minor. The
book warns that a more serious threat comes from malicious
breaches, whether by cyber-criminals and hackers or by those
inside the organisation, as in the recent T-Mobile breach.
Whilst researching the book Stewart spoke with many security
professionals, technical experts and interested
Parliamentarians. The experts agreed that we are facing
unprecedented challenges in the area of data security, with the UK
under sustained attack from cyber-criminals.
Stewart Room said: “Fortunately, we have not yet experienced the
full potential of a data security breach. If we do, the effect on
governments
and world economies could be huge. What would happen if there was a
catastrophic failure of data security within the heart of the
already troubled financial services sector, rather than at the
periphery? What would the consequences of a catastrophic failure of
data security within law enforcement or other critical national
infrastructure be? The HMRC case led to more stringent data
protection standards for the public sector but HMRC was concerned
only with threats arising from negligence. The potential
implications of a breach caused by malicious activity or failure of
technology have not yet been exposed on a large scale.”
The book “Butterworths Data Security Law & Practice”
examines lessons to be learnt from recent breaches and regulatory
actions by the Information Commissioner and the FSA, providing
practical guidance for compliance and a comparison of the treatment
of security breaches across the European Union and in the US.
It comes at a time when the ICO is ramping up its powers, with
penalties, which could be as much as £500,000, set to come into
force next year.
A website dedicated to advice on data security has also been
launched by Field Fisher Waterhouse along with KPMG and RSA
Security. breachaction.co.uk provides
companies that have suffered a data breach with access to a range
of expert help.
The book is published by Lexis Nexis.
For further press information, or if you would be interested in
reviewing the book, please contact Louise Eckersley, PR Manager,
on 020 7861 4120.