Encryption: Is There a legal Obligation?

On the morning of Sunday 25th of October, Dido Harding, the head of TalkTalk stated that her company was under no legal obligation to encrypt customers’ sensitive data.

Louise Bulman, VP EMEA at Vormetric, has issued the following comment in response:

“Given it has been reported some of the giant telco’s subscribers’ credit card details have been compromised, customer’s bank accounts are already showing signs of suspicious activity and subscriptions are being cancelled, Harding’s comments about encryption are not just untimely but grossly insensitive to those needlessly affected by this breach. While we can agree, in essence, that current UK data regulations are behind the times when it comes to data protection best practice, encryption of sensitive customer information equates to pure and simple common sense in this day and age.

“The fact of the matter is that the implementation and deployment of encryption doesn’t need to break the bank or disrupt business processes – not in the way it once did. TalkTalk shouldn’t waste time bemoaning the criticism it faces but acknowledge that they could have done more; not least even this is the third attack it has suffered in a year. With an encryption solution, sensitive data in structured databases and unstructured files can be secured – whether it is information stored in databases or included in spreadsheets, word documents, presentations or graphics – it can be made inaccessible to anyone not authorised to see it. In doing so, encryption is one of the smartest moves any organisation prepared to take data security seriously can make.

“The time has come to face up to the realities of today’s cybercrime riddled world; attackers will find a way to breach networks and systems so the necessary protection must be added to counteract it. As such, in the wake of this crisis, the best thing any executive can do is to take the time to understand the data security challenges they face and do their due diligence in researching the technical solutions available to them. This will require time and patience – two words C-level executives aren’t fond of – but, the potential ramifications that come from not paying attention to developments in security technologies and inadvertently trying to cut corners absolutely aren’t worth any type of perceived short-term benefits. As we all know by now, a breach such as this can cause untold reputational and financial harm – to both the business and the customers affected. The data entrusted to a company by their customers shouldn’t ever become the collateral damage when a cyberattack has taken place; it’s just not good enough.”

The following two tabs change content below.

David Dungay

Editor - Comms Business Magazine