The draft Online Safety Bill may be a step too far – would more punitive measures against board room members be a better solution? asks Colin Tankard, pictured, Managing Director of cyber security company, Digital Pathways.
He says: “We already have considerable cyber security regulation with GDPR, Cyber Essentials, now heavily promoted by government and, the ICO’s aggressive stance over data breaches. I wonder how effective another layer of regulation will really be.
“All companies need to protect their data, ensuring that it is used appropriately. Data has a considerable value and those sitting in boardrooms should recognise this.”
Tankard thinks that a more effective action is having a more robust system for the prosecution of senior executives, in respect of data breaches. “The cost versus benefit of data security is a key question for boards and often board members by-pass data security spend, as they see little risk to the business, or themselves. Increased penalties could trip a change of attitude.
“I often hear executives saying that they are not worried about securing data, as they do not recognise that they have any that is sensitive. All data is valuable to someone, often a hacker, so it should, of course, be protected.
“Data security needs controls more akin to the Health and Safety Executive, with senior executives facing potential prison terms for data breaches. That would do more to protect data than more regulation.”
For the UK Government view, see the Department for Digital, Culture Media and Sport (DCMS) minister, Digital Secretary Oliver Dowden’s opinion piece for the Daily Telegraph on the Online Safety Bill, of May 11.
Mike Haley, Chief Executive at the counter-fraud trade association Cifas, welcomed inclusion of user-generated fraud in the Online Safety Bill. However, more needs to be done to tackle other aspects of fraud perpetrated online, he said.
‘The Bill places responsibility on platforms with regards to user-generated content, but excludes other types of online fraud. I look forward to the release of the Home Office Fraud Action Plan and how this will address fraud currently excluded from the Online Safety Bill, such as through advertising, emails and cloned websites.
‘Fraud in the UK has reached epidemic levels and recent research commissioned by Cifas and RUSI has highlighted the strong link between fraud and other high harm crimes such as people and drug trafficking, and terrorist financing. We need to act fast to disrupt criminal operations and ensure that online platforms are taking the appropriate steps to do so.’
Some background
In her speech at the State Opening of Parliament earlier this month, The Queen said: “My Government will lead the way in ensuring Internet safety for all, especially for children, whilst harnessing the benefits of a free, open and secure Internet”.
The draft Online Safety Bill seeks to set a duty of care on social media operators, to enforce online safety standards on unacceptable content such as child exploitation and incitement to terrorism. The largest and riskiest sites – known as ‘Category 1′ sites – will also be required to act on legal content that might be harmful to adults, such as cyberbullying or encouraging self-harm. Compliance will be overseen by the comms regulator Ofcom, in its role as online safety regulator. Ofcom will be given power to fine companies up to £18m, or ten per cent of qualifying revenue, if they fail in their new duty of care.
