ISACA joins mandatory data loss reporting debate

Non-profit IT security organisation ISACA has joined the Information Commissioner’s Office (ICO) in calling for rules that ensure all data loss and security breaches are reported to the proper authorities, but it suggests a different timescale for mandatory announcements.

The ISACA believes that UK businesses should report data loss and breaches on a quarterly basis, tying them in with the publication of information on financial performance and culminating in an annual report.

The justification for this arrangement is that it would spare individual businesses the media scrutiny that would follow if each data loss had to be reported individually in real time. This setup would also benefit shareholders and company workers, as they could be made aware without there being a wider outcry, according to the ISACA’s Rolf von Roessing.

Mr von Roessing said that enforcing mandatory reports in the event of security breaches was definitely a step in the right direction, but creating quarterly announcements would cause less damage to the reputation of firms and would also preserve share prices in the long term.

Mr von Roessing believes that there is general support for this movement amongst business leaders from around the world, and that this points to a growing acceptance that data loss and security breach scandals need not lead to scapegoating and crucifixion in the eyes of the press.

The ISACA accepts that businesses and the wider public must be educated about the dangers of security breaches and data loss, but it believes that it is more important to show that businesses are able to come back from such incidents wiser and better equipped to deal with threats in the future. It says that widely criticising a business can destroy its reputation and become more damaging than the data loss itself, which is ultimately undesirable for all parties.

The debate over mandatory data loss reporting is ongoing and new opinions continue to be added, although it looks like the UK is moving towards a change in this area.
