A proposed new IT security law requiring companies to report data breaches has come in for criticism over the grounds of usefulness and fairness.
Imposing such a law would be less effective in aiding IT security than providing more and better advice to companies, according to a panel of experts, reports computerweekly.com.
Lord Harris of Harringey, co-author of the government's recent report on the issue, said best practice guidance was what companies really needed.
Calling for a "holistic" approach to the matter, he said: "Making it law for companies to report breaches is one part, but the government needs to provide more guidance to companies to prevent these in the first place."
Meanwhile, the president and chief executive of data encryption firm PGP, Philip Dunkelberger, said any new law had to be fair towards "both businesses and consumers".
He said the blame for security breaches sometimes lay with customers and not with businesses, for which reason each case should be treated on its own merits.
|
