Companies should be subject to US-style disclosure laws and face tougher penalties

Consumers in the UK want tougher penalties for organisations that lose customer data, according to research results released by LogRhythm.

In a poll of 5000 consumers, four out of five felt that companies should be subjected to a US-style breach disclosure law, compelling them to publicly declare data loss incidents.

The research stated that 70% of consumers believe more prescriptive regulations need to be put in place, and many think that punishments should be tougher, such as large fines or even criminal proceedings.

In response to the recent European Commission personal data protection strategy document, the European data protection supervisor expressed his support for wide-ranging reform of data protection laws, including the execution of mandatory data breach notifications.

The research suggests that the public strongly supports these moves. Ross Brewer, vice president and managing director of international markets at LogRhythm, said: “Data … shows that data breaches are still rife in the UK, and this seems to have led to a change in the public mood. There is now a common desire to see definite steps taken to force organisations to clean up their act.”

Sixty-three percent of consumers surveyed expressed concern that they may become victims of identity theft through no fault of their own, while approximately 50% believe that neither public nor private sector organisations have sufficient security measures in place to satisfactorily safeguard sensitive data.

Brewer added: “This lack of public confidence needs to be addressed by businesses and the government as soon as possible. As organisations become involved with the loss of confidential information, consumers will actively avoid doing business with them. Those taking a lax approach to data security won’t just lose face, they will also lose customers.”