UK not following Ireland in mandatory data loss reporting

After pressure was put on the Irish government to enforce regulations that make the reporting of data loss incidents a requirement of all businesses, the Information Commissioner’s Office (ICO) has said that it will not be taking similar action in the UK.

There is no obligation to make the ICO aware of individual cases of data loss at the present time, but the ICO has made it clear that although it is not mandatory, firms around the UK are expected to be transparent when such an event does occur.

In Ireland, the Data Protection Commissioner spoke of the possibility of implementing rules that would require the reporting of data loss involving the details of more than 100 people, adding that it is his intention to lobby the Irish government to see that these proposals become law.

The ICO said that there were already elements of the Data Protection Act that are in place to ensure that private data is properly secured and cared for. It went on to say that while it would not be seeking similar regulatory changes to those suggested by its Irish counterpart. Rather, it would continue to expect UK businesses to come forward and report data loss and security breaches if the security of customer data has been compromised.

The ICO did not rule out changes in the law that may move towards the Irish proposition, but it did say that these would have to be driven by the government and would ultimately come as a result of serious analysis and debate.

The ICO’s David Smith has not spoken about this latest story, but he has previously suggested that a review of EU rulings might come to similar conclusions as the Irish watchdog, stating that Internet Service Providers (ISPs) will be governed by similar rules in the near future and that a roll-out to all businesses could be on the cards if this proves to be a useful exercise.

It is clear that, for the time being, only the most serious data breaches are receiving the attention of data security regulators and although a change in the UK law is not planned, its arrival would not be entirely unexpected.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal