No Forced Disclosure of UK Data Breaches, Says ICO

The UK's Information Commissioner's Office (ICO) has confirmed that it has no plans to force organisations to report data losses.

The ICO says that it still considers it best practice for organisations to report data losses, and expects them to take adequate measures to prevent breaches from happening again.

In a statement, the ICO said: “Changes to the law are ultimately a matter for the government. Should legislation be proposed to compel UK organisations to notify people when a data breach occurs, it must be properly considered before it is introduced in the UK.”

Speaking at the Infosec security conference in April, deputy commissioner David Smith announced that the ICO planned to implement the Data Protection Act more forcefully in the light of European review of directives.

The Data Protection Authority of Ireland has announced that all organisations operating in the country are required to report a case of data loss if it concerns more than 100 individuals.