
Why we need to know…
By Tony Hallett
Published: 19 July 2007 15:22 BST
You may have noticed that at the start of this week silicon.com kicked off a major campaign. It’s called Full Disclosure and you can see our opening salvo here. In a word: when an organisation, be it bank, retailer, government department or other, leaks some of your personal data, you should know about it.
It is obviously a bit more complex than that. Some types of data are more important than others. Your National Insurance number is worth more than your star sign, to use an example that springs to mind.
And what are we asking for? Well, ideally we’d like a change in the UK law, so it is in line with what now happens in California every time an e-tailer’s database is cracked or an insurance company employee leaves her laptop in a cab with a list of a million policy holders on it.
The idea is that openness is best.
That way we get to see which organisations take security least seriously and we respect the right response to the occasional blip. As things stand, the types of breaches you read about on these pages are just the tip of the iceberg, we can safely assume. We estimate there is another 90 per cent we don’t - but should - know about.
We also get to act accordingly. If my internet bank account has been compromised, I’d quite like to move funds or adjust my security settings.
What have we learned so far? For one, there is an appetite for this change, an appetite even greater than we have sensed over recent months.
A raft of people and organisations are lining up their support. Some, though not all, are from the IT sector. We will doubtless receive criticism along the lines of 'They would say that, they have something to gain' – though that is not universally true. Some suppliers will also have some answering to do if a particular technology or approach based on a technology lets a user organisation down.
We have also already heard from those saying this shows just how infrequently communications and databases are encrypted. We agree. Encryption should be used more often.
And then there is the view that alerting thousands of customers – and potentially the thieves themselves – as to what has been stolen equates to giving the crooks a tip-off. A laptop that would be sold on for a barely three-figure sum all of a sudden becomes worth many thousands to the thief who only after the act realises what he might have purloined... perhaps thanks to a report in the media.
We will address these and several other issues over the coming weeks and months. We welcome your views on the subject, which can be emailed to us at editorial@silicon.com. Or post a Reader Comment below.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.