Skip to the content

Law Commission to look at data breach rules



Investigation will focus on how law could be improved on breaches in protected government data

The Law Commission, the statutory independent body that reviews national law, is to conduct a review of the law surrounding breaches in protected government data.

In a brief statement on the exercise, the Cabinet Office said the review will begin early next year with the aim of being completed within 12 months.

“The government can use civil and criminal sanctions to manage instances where individuals do not protect government information as they should,” it said. “The Law Commission will research potential improvements to these sanctions and prepare a report for government.”

A spokesperson for the Commission told UKAuthority that so far it has no further detail on the terms of the review, but hopes to firm up the plans early in the new year.

While it was not stated, the review could have implications for the future responsibilities of the Information Commissioner’s Office, which currently has the mandate for investigating data breaches in the public sector and imposing fines that it deems appropriate.

Although neither the Law Commission nor the Cabinet Office related the review to the impending EU Data Protection Regulation, the timing – a day after an announcement from the European Commission that a final draft has been agreed – prompts speculation that it could lead to some changes in the law.

Some of the main features of the draft regulation are already in UK law, notably that people will have the right to know when their data has been hacked, and that organisations will have to notify the national supervisory authority of serious data breaches.

Image: Electronic Frontier Foundation graphic, Creative Commons Attribution 3.0 through Wikimedia.



Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.