Thursday’s meeting was called in response to the Information Commissioner’s report that described the UK as a ‘surveillance state’, and follows several high-profile security breaches in recent months.
Giving evidence to MPs, the Executive Director of the International Association of Privacy Professionals Trevor Hughes said that while data needs to flow in an information economy, security must remain a priority.
Randal Gainer, an American Lawyer specialising in privacy and security, also giving evidence, warned the Chairman, the Rt Hon John Denham that even the threat of harsh punishments would do little to deter criminals. “The criminal element never think they will be caught!”, he said.
Companies are worrying, too; a stolen laptop or hacked account could lead to a damaging loss of consumer confidence in their brand. Mr Hughes believes that we will have to wait for cases like the TJ Maxx theft (described as the worst data theft ever) to play out before we know the true consequences for business.
The problem is not an entirely British one. In the year up to September 2006, criminals used stolen data to commit fraud against more than eight million individuals in America alone. These figures have led some states to take a rather unorthodox approach to protect their consumers.
Gainer told the group of MPs that in the American State of Minnesota, the costs of such thefts are being transferred to the businesses who are ‘protecting’ the data. While they didn’t actively cause the offence, their systems were breached. This new trend is now expected to be taken up in numerous other states.
The Rt Hon John Denham said that most companies in the UK would feel ‘dangerously exposed’ without a member of their board to concentrate on health and safety, and questioned why most companies fail to appoint a member of their board to look after their customers’ data in the same way. Both Gainer and Hughes agreed that this is something that should become more and more common as time goes on.
Before leaving, Mr Hughes also raised concerns about the public’s level of awareness when it comes to the data held about them. He said that, “in the UK there seems to be a greater acceptance of governmental use of data” than in the US.
Civil liberties groups have already raised concerns about the blurring line between data held by private companies and by the state.