British House of Lords gets it

(Posted by cwalsh)

From a report published August 10 by the House of Lords select committee on science and technology:

5.55.  We further believe that a data security breach notification law would be among the most important advances that the United Kingdom could make in promoting personal Internet security. We recommend that the Government, without waiting for action at European Commission level, accept the principle of such a law, and begin consultation on its scope as a matter of urgency.

5.56.  We recommend that a data security breach notification law should incorporate the following key elements:

  • Workable definitions of data security breaches, covering both a threshold for the sensitivity of the data lost, and criteria for the accessibility of that data;
  • A mandatory and uniform central reporting system;
  • Clear rules on form and content of notification letters, which must state clearly the nature of the breach and provide advice on the steps that individuals should take to deal with it.

One of the members of this committee, Lord Toby Harris, delivered a keynote at the most recent FIRST conference. His presentation (PDF) foreshadowed this report somewhat, and put me in a great mood. I am eager to read this report and the supporting evidence.

Tip of the hat to Light Blue Touchpaper, who have much more on this report (the scope of which is broader than just data breaches).

Posted by cwalsh on August 12, 2007 at 8:35 PM in Legal, breach analysis.
