20 April 2000 | Elizabeth Bellamy
UK companies need to raise their awareness of information security standards or risk being sued, e-commerce experts have warned.
Michael Bacon, a director at IT security consultancy SNCI, told delegates at this month's InfoSecurity conference in London that, while 80 per cent of companies were aware of the Data Protection Act 1998, only 20 per cent knew of the information security standard BS7799.
He added that only 30 per cent knew about the Computer Misuse Act 1990, which allows hackers to be prosecuted in criminal and civil courts.
"If you don't do something about information security, you're going to get sued," insisted Bacon.
Will Roebuck, legal advisory executive at e-commerce industry group e centreUK, said that organisations should follow the BS7799 standard to avoid breaching the Data Protection Act, which was introduced on 1 March 1998. Firms that did not comply risked unlimited fines, he added.
BS7799 sets out guidelines for information security and policy, training, security breaches and virus controls. Although it is best suited to large and medium-sized enterprises, as it may be too detailed for the IT infrastructure of small firms, all organisations should take heed. "It's a bit too extreme for small and medium-sized enterprises," said Roebuck, "but, ideally, all businesses need to look at it."
Patricia Hewitt, minister for e-commerce, said companies needed to build in information security measures, rather than just bolt them on. She added that all government departments were required to implement the standard by the end of the year.
A Department of Trade and Industry survey, Information Security Breaches 2000, which was released this month, found that security of payments was the main concern of the 1,000 companies polled, with almost half saying it was the most important issue.
The survey also found that the second largest concern was the leakage of sensitive information (15 per cent said it was the most important issue), followed by access to systems from outside (11 per cent) and a loss of data about transactions (9 per cent).
Despite these worries, a recent report from global software company Intentia argued that security was not the main reason for firms to hold back on the development of e-commerce.
Intentia's E-business Report, which questioned 700 board-level executives in the US and western Europe, showed that waiting for customers and suppliers to take up the technology was their biggest concern, followed by a lack of skills within their companies and then security.
Almost half of the respondents classed e-commerce as important right now and more than four-fifths felt it would be important in the next two years. Their main security worry was the safety of financial transactions.
* Details of the Information Security survey are available at www.dti.gov.uk. The E-business Report is available from Intentia on 01422 377611.