A Standing Committee for the Private Security Industry (PSI) Bill this week voted against proposed amendments to exempt IT security experts from the law’s scope which defines "security consultant" as anyone giving advice about "security precautions in relation to any risk to property."
The wording could catch systems administrators who configure and maintain computer access controls, and programmers and consultants who typically work on a wide range of system tasks including information security.
Committee member Charles Clarke MP denied that computer consultants are under threat of licensing, but added that “issues need to be explored with regard to confidence in the information security consultancy industry.”
The Confederation of British Industry (CBI) has pointed out that the Bill is contrary to the E-commerce Directive which must be implemented in the UK by 17th January 2002. It provides that Member States must “ensure that the taking up and pursuit of the activity of an information society service provider may not be made subject to prior authorisation or any other requirement having equivalent effect.”
The CBI observes that a requirement on IT security professionals to seek licences constitutes “prior authorisation” under the Directive.
The Bill has now passed the first and second readings and committee stage in the Commons.