Chair of the House of Lords Science and Technology Committee, Lord Broers draws attention to the fact that UK legislation has serious deficiencies in terms of security. The British Government must take action with regard to three major issues: there is a need for a law that will force organizations to report any data loss; banks must take responsibility for computer fraud; and last but not least, the police's response to e-crime is less than satisfactory.

Data Breach Law

Lord Broers comments: "It's completely unacceptable that there's no data-breach law. If people have lost data, they are under obligation to let people know. They should be required to tell them. It's unacceptable that organizations not tell people for an extended period of time."

This is not the first time that the Committee warns about the dangers of data loss. A report was issued in August last year, and a follow-up just days ago. A year ago the UK Government was quick to dismiss the report, even though it emphasized the need for a data-breach law, but after all the recent data loss incidents it is surely reconsidering it.

Lord Broers again: "Data can be categorized to be regarded as 'serious'. If data lost is already in the public domain, then there's no need for notification. It's just a matter of drawing up the legislation appropriately and carefully."

A new Banking Code

Modifications to the Banking Code must also be made. The current legislation only provides a few guidelines for refunding e-crime victims. The legislation needs to be more drastic and the banks must be held responsible. If you fall victim to fraud and want to recover your money, it is your duty to prove that you have taken all the necessary safety precautions and you were not negligent with the data - at least that is what the current legislation says. A change or roles is required: if the bank wants to deny a refund, then it is the bank's job to prove you were not careful with your private data.

Richard Clayton from the University of Cambridge: "Banks choose the security mechanisms and how much effort they put into detecting patterns of fraud, so they should stand the losses if these systems fail. Holding individuals liable for succumbing to ever more sophisticated attacks is neither fair, nor economically efficient."

Better Law Enforcement Response

It is currently the police's job to investigate e-crimes. But it is more than obvious that they are not prepared to do such a thing. "Ultimately, it's the police who should investigate these crimes. It's not clear that these cases are investigated. A lot appear to not be investigated at the moment, which is only encouraging these crimes," says Lord Broers.

E-Victims is a nonprofit organization that was founded a few months ago with the goal of providing much needed help to e-crime victims. Founding the organization became a necessity after numerous counts of online fraud and other forms of online illegal activities were simply disregarded by the authorities. People found out that going to the police in order to report online fraud would solve nothing.

Jennifer Perry Communications Director with E-Victim's: "Cyber-crime is being ignored by the Government, and the low priority that it puts on this problem filters down to the law-enforcement agencies and other authorities. The police just tell people they don't have the resources or expertise to handle online crime."