IT security regulations ‘totally out of date’

Expert panel blasts current framework

The legal framework in which businesses operate their IT and data security is "totally outdated" and dates "from the 20th Century, while attempting to tackle problems in the 21st", according to a panel of experts.

Michael Chertoff, former Secretary at the US Department of Homeland Security, told the CyberSecurity Summit in London that lawmakers were ill-advised to attempt to adapt the existing framework to a fast changing data environment.

"We need to start with a clean sheet of paper and decide what security we want to promote," he said. "The military, the police, governments, businesses and individuals all have their own ideas of what needs doing and how to do it."

"We've got to separate the IT security problems that pose a risk to the state, those that risk life and limb, and those that endanger personal data," he said.

It was wrong to "start with the law and try to fit it to the facts", said Chertoff, now the co-founder of his own security advisory group. Adjusting existing laws would mean "thinking in categories that are not relevant".

Stephen Deadman, legal head at Vodafone, said the people being monitored by regulators under data security laws did not always count as the "full picture" of those involved. "Often people look at the data controller, but what about all the intermediaries handling and processing data in any organisation? Also, what about the international transitioning of data in businesses? What is there to address this?"

Deadman said there was an increasingly difficult conflict between people voluntarily placing swathes of data on sites such as Facebook and Twitter, and increasingly demanding data security and privacy elsewhere. "The law really needs to address this," he said.

Stewart Room, a partner at law firm Field Fresher Waterhouse, with expertise in data privacy, said the law "needs to introduce a proper obligation [on businesses] for IT security", if the current confusion among businesses, on what they need to do, is to be tackled.

"The threats are considerable, and there need to be proper laws," he said. "It's just naive to think people will protect assets without a law."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags servicesoutsourcingapplicationssecuritysoftwarecareersIT managementIT Business

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Leo King

Unknown Publication
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?