While I find the number and frequency of data breaches in the news to be criminal I’m not sure about this story. The MPs in the UK are calling for the criminalization of data breaches. Granted they have suffered through more than their share in recent months. However, crying for the head of the sysadmin is a bit melodramatic. Invariably it will fall on them.
From AFP:
In a report, the Commons justice committee said it had found widespread and systemic failings” in the government’s handling of sensitive data, in a review following the loss of 25 million people’s personal details by HM Revenue and Customs.
The MPs warned that more cases would come to light involving the loss of personal data.
“The scale of the data loss by government bodies and contractors is truly shocking but the evidence we have had points to further hidden problems,” said Alan Beith the committee’s Liberal Democrat chairman.
“It is frankly incredible, for example, that the measures HMRC has put in place were not already standard procedure,” he added.
Now in a situation such as this who would get the axe? The guy on the line, management or both? I’m not defending one or the other but cautioning that some rational thought should be applied. We have endured a number of knee jerk reaction pieces of legislation over the years. *cough* Patriot Act *cough*
Union bluster notwithstanding, should there be criminal provisions? Sure. But, please for the love all that is holy please take the time to cobble together a sane piece of legislation.
[tags]Data Crime, Data Security, Security Best Practice, UK Data Security[/tags]