Incident Highlight - UK: Gov't rules out data-breach notification law
2008-11-26 by Lyger
The UK government has announced that it will not be implementing a data-breach notification law.
Following a recommendation by information commissioner Richard Thomas in July, the government announced in a report on Tuesday that it will not introduce a compulsory data-breach notification law for private-sector organisations.
"After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US," states the Response to the Data Sharing Review Report.It is already mandatory for public-sector organisations to report any significant actual or potential losses of data to the Information Commissioner's Office (ICO). Private-sector organisations should report data breaches "as a matter of good practice", states the report, and the ICO should take into account of any lack of reporting by a private-sector organisation in its enforcement action.
Fines for companies that are found in breach of data-protection laws are to be raised, states the report. The Ministry of Justice is working with the ICO to determine the level of the maximum fine.
Support OSF Data Loss
OSF needs your support! You can support OSF's DataLossDB in several ways, such as contributing news articles about data loss incidents or by updating older incidents as new information becomes available. Financial donations, which will support hosting, hardware upgrades, and advertising are also appreciated. If you wish to make a donation, please do so via the Google checkout link below.
About OSF Data Loss
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation's DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. For any questions about this site or the data contained within the site, please contact curators@datalossdb.org.
Latest Incidents
| records | date | organizations |
|---|---|---|
| 6,000 | 2008-12-02 | United States Army |
| 3,200,000 | 2008-11-27 | C-W Group |
| 69 | 2008-11-25 | Weber State University |
| 59,419 | 2008-11-25 | Luxottica Group |
| 97,000 | 2008-11-24 | Starbucks |
| 40 | 2008-11-23 | Wawa |
| 57 | 2008-11-22 | North Carolina Department of Health and Human Services |
| 1,367 | 2008-11-22 | Maryland Department of the Environment |
| 200 | 2008-11-21 | Jackson-Madison County School System |
| 13,500 | 2008-11-18 | British National Party |
Search
Largest Incidents
| records | date | organizations |
|---|---|---|
| 94,000,000 | 2007-01-17 | TJX Companies Inc. |
| 40,000,000 | 2005-06-19 | CardSystems, Visa, MasterCard, American Express |
| 30,000,000 | 2004-06-24 | America Online |
| 26,500,000 | 2006-05-22 | U.S. Department of Veterans Affairs |
| 25,000,000 | 2007-11-20 | HM Revenue and Customs, TNT |
| 17,000,000 | 2008-10-06 | T-Mobile, Deutsche Telekom |
| 12,500,000 | 2008-05-07 | Archive Systems Inc, Bank of New York Mellon |
| 11,000,000 | 2008-09-06 | GS Caltex |
| 8,637,405 | 2007-03-12 | Dai Nippon Printing Company |
| 8,500,000 | 2007-07-03 | Certegy Check Services Inc, Fidelity National Information Services |
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Email | Fraud Se | Hack | Lost Computer
- Lost Document | Lost Drive | Lost Laptop | Lost Media
- Lost Tape | Missing Laptop | Snail Mail | Stolen Computer
- Stolen Document | Stolen Drive | Stolen Laptop | Stolen Media
- Stolen Tape | Unknown | Virus | Web