UK rejected data breach notification law

(This article is also available in German)

Two reports were published on 24 November 2008 by UK Ministry of Justice related to the data breach notification law, the powers of the Government to share data and the Information Commissioner's inspection powers and funding arrangements.

One of the reports states that a law requiring significant data breaches to be notified to the Information Commissioner's Office (ICO) was rejected, the ministry considering that notification should be a matter of good practice rather than a legal obligation: "As a matter of good practice any significant data breach should be brought to the attention of the ICO and that organisation should work with the ICO to ensure that remedial action is taken" says the report, which adds: "The ICO will take into account the failure of an organisation to notify any breaches of the data protection principles when considering enforcement action."

The modification of the EU ePrivacy Directive introduces such an obligation for telecommunications companies, and Peter Hustinx, the European Data Protection Supervisor, said in April that the obligation should be extended to banks, online businesses and medical bodies.

William Malcolm from Pinsent Masons said a breach notification law might have been unnecessary anyway, as failing to deal responsibly with a data breach would in any case amount to a breach of the Data Protection Act.

The report also announced that new laws would increase the powers of the Government to share data, introducing a fast-track procedure to allow data sharing when "a robust case" could be made. "We intend to bring forward legislation to confer upon the Secretary of State a power to permit or require the sharing of personal information between particular persons or bodies, so long as a robust case can be made to use that power. The power will also be used to simplify the data protection framework and remove any unnecessary obstacles to data sharing" says the report.

The new legislation will also place a statutory duty on the ICO to prepare, publish and review a Code on the sharing of personal data that will provide guidance on how organisations can share personal data and promote good practice in the sharing of personal data. "A breach of, or compliance with, the Code will be taken into account by the courts, the Information Tribunal and the ICO whenever it is relevant to a question arising in legal or enforcement proceedings".

A second report acknowledged the necessity of a framework that would increase "public trust and confidence in the handling of personal data by both the public and private sector." The report proposes measures complementing the ICO's present powers and ensuring it has the necessary and effective instruments to carry out its regulatory functions.

The UK does not need a data breach notification law, says Government (25.11.2008)
http://www.out-law.com//default.aspx?page=9619

Government announces new law for increased data sharing (25.11.2008)
http://www.out-law.com/page-9617

ICO to get powers to audit public bodies without consent (25.11.2008)
http://www.out-law.com/page-9618

The Information Commissioner's inspection powers and funding arrangements under the Data Protection Act 1998 Summary of responses (24.11.2008)
http://www.justice.gov.uk/docs/information-commissioner-consultation-r...

Why we don't need a security breach notification law in the UK (19.05.2008)
http://www.out-law.com/page-9128

EDRigram: Data breach notification - different opinions in EU bodies ? (19.11.2008)
http://www.edri.org/edri-gram/number6.22/data-breach-ec