The Culture, Media and Sport Select Committee, of which I am a member, has published a report recommending a new custodial sentence of up to two years for those convicted of unlawfully obtaining and selling personal data.
The Committee's recent inquiry into cyber-security was triggered by a series of data breaches at Talk Talk, but the Committee has warned that the problem is significant, growing, and affects all sectors with an on-line platform or service.
The Committee also focused on strengthening consumer rights and awareness of scams, implemented and enforced by a series of new requirements and sanctions on company directors and chief executives.
Committee recommendations included:
· Companies must make it much easier to verify if communications, whether online or by telephone, are genuine. The ICO’s system of sanctions should include fines for companies that fail to do this
· It should be easier for victims of a data breach to claim compensation
· It is not enough for companies to say they weren’t aware. Breaches are common, and all companies need to plan and test for that eventuality
· Further, they need to demonstrate they have identified and addressed the weaknesses that have led to any data breaches
· The vulnerability of the massive new data pools that will be created by the Investigatory Powers Bill needs to be urgently addressed by Government
· Good cyber practice will need to evolve and develop: this is essential to maintain consumer confidence and Britain’s place as the top internet economy in the G20
· There needs to be a step change in consumer awareness of on-line and telephone scams, and the Government should initiate a public awareness-raising campaign, on a par with its campaign to promote smoke alarm testing
Cyber Security is a big issue in the modern world and its only growing in significance. Ninety per cent of large organisations have reportedly experienced a security breach, and 25% of companies experience a cyber-breach at least once a month. More needs to be done to inform and educate customers and companies about cyber security.
Companies must stay one step ahead of potential attacks and have proper processes in place to ensure this is the case. It must be a key priority of all companies to protect and inform their consumers, and for Government and Regulators to oversee that they protect customer’s properly.