UK firms urged to review security strategy

Room: Adopting an honourable stance from the outset will make data loss incidents easier to defend

A legal expert has urged UK businesses to review their data security strategies, ahead of the introduction of new Data Protection Act penalties.

From next month, any organisation that fails to comply with the Data Protection Act (DPA) 1998 could face fines of up to £500,000.

Stewart Room, a partner at law firm Field Fisher Waterhouse LLP, said most firms do not have good systems in place to manage security breaches and incidents of data loss, leaving them at risk of a fine.

He said: “The law is about changing behaviours, so if you adopt an honourable stance from the outset, doing the right thing at the right time, then your legal team are in a very strong position to defend you to the regulator.”

This approach, said Room, would make it easier for a company’s legal team to prevent a regulator from issuing the company with the full fine as a punishment.

In a recent online poll by Infosecurity Europe, a third of the 150 organisations that took part admitted having no system in place to deal with security breaches.