Data protection watchdog calls for breach notification law

Any new rules must apply to government as well as business, says deputy information commissioner

The ICO welcomes a breach notification law

The deputy information commissioner David Smith has called for a data breach notification law in the UK - on the condition that it is easy to police.

Forty US states have introduced versions of such a law - which forces companies that suffer an IT security breach or exposure of personal data to inform affected customers - to a mixed reception stateside from customers and businesses.

But a similar, balanced law in the UK would be a good thing, said Smith.

"A law would be welcome, but it should be a good one – please can it be simple and easy to understand, unlike the one we currently have to administer," he said.

"It must not impose a disproportionate burden on businesses, otherwise it becomes worthless."

Smith also said that any breach notification law must apply to government as well as businesses.

"Risks are developing faster in government – there is more information exchange there and it is not controlled by the same commercial pressures as the private sector," he said.

The Information Commissioner's Office (ICO) polices the complicated principles-based Data Protection Act - which the Conservative party has suggested cutting back because it presents businesses with too much red tape.