A sub-committee of the House of Lords Science and Technology Select Committee issued a formal call for evidence on their examination of personal Internet security in July. Since then SCL, and members of the SCL Internet Interest Group and SCL Privacy and Data Protection Group in particular, have conducted meetings and exchanged views with the aim of producing a formal submission. That submission was sent to the Committee on 23 October.
The SCL submission suggests that the group most able to influence the levels of personal Internet security are the ISPs or other Internet access providers: ‘We consider that close examination should be given to whether an obligation on ISPs to implement access controls and technical security measures could be expected to reduce the security risks, and whether this could be done cost-effectively’. The summary of the recommendations made to the House of Lords Committee is as follows:
• Communications providers be regulated by Ofcom to ensure that minimum standards of information security or network integrity based on industry/internationally recognised standards are adopted;
• Hardware and software that incorporate security or other protection measures should be distributed to consumers with the security functionality ‘turned-on’, as the default setting for such hardware and software;
• The National High Tech Crime Unit be reformed;
• The resources for enforcement of the seventh data protection principle (the obligation for data controllers to implement appropriate technical and organisational measures for the security and integrity of personal data) be increased, possibly by a self-funding mechanism from the levying of increased penalties for breach of the principle; and
• Data controllers should be subject to an obligation to notify security breaches to the data subjects whose data has been compromised, as well as to the Information Commissioner.
The SCL trustees are grateful to Ian Walden of the Institute of Computer and Communications Law, David Berry of Charles Russell LLP (Chairman of the SCL Privacy and Data Protection Group) and Laurence Kaye of Laurence Kaye Solicitors (Chairman of the SCL Internet Interest Group) for driving the SCL response and to all the members of the SCL Privacy and Data Protection Group and Internet Interest Group who contributed to it. Particular thanks go to Andrew Sharpe of Charles Russell LLP who spent many hours drafting the response and taking account of the input received.
For the full SCL submission, click here. For more on the investigation, click here.