The British government is incorporating the European Union's Data Protection Act, which will force ISPs and telecommunications firms to report data breaches to the Information Commissioner’s Office.
The news comes on the heels of the ICO getting the power to slap a fine of up to £500,000 on businesses running spam emails or text message scams and companies using browser cookies to track user activity without consent, all signs that government may be taking consumer privacy more seriously.
According to a report on PC Pro, the new laws will be the first data breach notification rules in the UK. Before this,only public sector organisations like the NHS were required to report data breaches, not ISPs and other telecoms.
The final details of the new data regulation have yet to be revealed by the government’s Department of Culture, Media and Sports but as per the EU regulations, ISPs and telecoms will be required to report data breaches in certain circumstances. The strength of the law will depend on how those circumstances are defined and how the enforcement mechanism that is put into place.
The UK is expected to copy the entire EU directive for changes in communication laws, the government said. The new EU laws, along with those for browser cookie tracking, will come into effect on May 25.