Data Breach Laws Likely To Become More Widespread

Business Lawyer Says Businesses Must Act Now To Avoid Fines


By David Shirt

New laws which make it necessary for Internet Service Providers (ISPs) and telecoms firms to disclose data breaches within 24 hours are likely to become far more widespread and be made applicable to other sectors of the economy, says a leading business lawyer at Irwin Mitchell.

As of August 2013, the Privacy and Electronic Communications Regulations (PECR) make it compulsory for relevant businesses to inform the Information Commissioner’s Office (ICO) of any data breach within 24 hours or risk a fine of £1,000. In addition, a business must keep a log which contains the facts surrounding the breach, the effects of that breach and the remedial action taken.

According to the ICO, a data breach means ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provisions of a public electronic communications service.’

Joanne Bone, a partner in the Leeds office of Irwin Mitchell, said: “These laws are all about providing security to members of the public when they send personal information electronically.

“This is another sign of the ICO toughening up its approach to data breaches. Although it is vital that ISPs and telecoms businesses know what their duties are in relation to PECR, it is important also that other organisations are also aware of them and prepared as it shows the direction data protection legislation is moving and it may well be that these regulations will be rolled out to other sectors down the line.”