30th Floor, North Tower, Beijing Kerry Centre, 1 Guanghua Road, Chaoyang District, Beijing, 100020
+86 10 8519 0011
50th Floor, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong
+852 2521 5621
Room 4605, Park Place, 1601 Nanjing West Road, Jing An District, Shanghai, 200040
+8621 6321 1166
Suite 2405, 24/F, SCIA Tower, Qianhai Shenzhen-Hong Kong Modern Service Industry Cooperation Zone of Shenzhen, Shenzhen, 518000
+86 755 6123 5666
Select your language
Please accept the geolocation request appearing in your browser
Find other officesOUT-LAW NEWS 1 min. read
02 Sep 2022, 3:59 pm
Stricter cybersecurity requirements could be written into UK law to address the risk of criminals gaining unauthorised access to online accounts and user data and trading the information on the internet.
The potential reforms were alluded to in a ‘call for information’ published by the UK Home Office – the first step in what the department is calling a new ‘Cyber Duty to Protect programme’.
The call for information seeks views on “potential government intervention to reduce the burden of cybersecurity from the citizen and encourage organisations to further protect users’ accounts and personal data”.
The Home Office is exploring options for intervention after data published earlier this summer by the Office for National Statistics (ONS) revealed that there had been an estimated 89% increase in computer misuse offences in the year ending March 2022, with an estimated 158% increase in unauthorised access to personal information offences, such as hacking. In total, the ONS said there had been an estimated 1.6 million computer misuse offences in the year ending March 2022.
Priti Patel, UK home secretary, said: “We believe measures may be needed in particular to address the large volume of cyber crimes committed by criminals with a relatively low level of technical sophistication. Accordingly, the Home Office is seeking information to inform the development of proposals to further reduce cyber crime, and the offences facilitated by it.”
“This work will explore measures to reduce the burden on citizens for cyber security, including the application by organisations of secure-by-default principles to protect user accounts and information. It will also examine whether to supplement requirements in data protection legislation to ensure that providers of online services and accounts, as well as processors and holders of UK citizens’ personal data, exercise an appropriate and proportionate degree of responsibility for the protection required of the data and access to it,” it said.
The Home Office’s call for information paper does not contain firm proposals for reform, but views are invited on a range of issues, including where businesses and other stakeholders think responsibility for ensuring better protection of personal data should lie, and on the use of “enhanced authentication solutions”, such as multi-factor or two-factor authentication.
Cyber risk expert Laura Gillespie of Pinsent Masons said: “The GDPR already requires that adequate technical and organisational security measures are put in place to prevent unauthorised access to personal data, with fines and compensation claims potentially following where measures have fallen short. There is also criminal liability for those who gain unauthorised access to personal data under the GDPR and via the Computer Misuse Act too, under which the Information Commissioner’s Office (ICO) has previously exercised prosecution powers.”
“It is unclear exactly what action the government will take at this stage, but fleshing out new ‘secure-by-default principles’ would reflect the existing trend towards stricter cybersecurity obligations: the ICO has developed specific guidance on ransomware, and there are already cyber-related legislative reforms in the pipeline affecting managed service providers and other suppliers of services of major infrastructure operations, under the proposed reforms to the NIS Regulations,” she said.
“If the government does decide to supplement data protection law requirements, it is possible that it will do so by adding amendments to the Data Protection and Digital Information Bill, which is currently before parliament. Whatever changes it pursues, and regardless of its preferred mechanism for reform, expectations for robust cybersecurity preparedness and controls are increasingly high,” Gillespie said.
Contact an adviser
Stay ahead by signing up to our weekly email of news and expert analysis, tailored for you
Data, privacy & cyber
Valid email address
Thanks, we have sent an email to
Please check your inbox to confirm your subscription. The confirmation email may take up to 15 minutes to arrive.
• Check your spam or junk folder
• Ensure your email address was entered correctly.
• You can amend your details and resubmit if required
• If the email has still not arrived, please contact us for assistance
OUT-LAW NEWS
Plans for a new opt-in licensing regime for heat networks in Scotland will be welcomed by operators – although they may face waiting almost two years for their implementation, according to an expert.
OUT-LAW NEWS
Experts say plans to create at least seven new towns signal the government’s continued drive to build communities with affordable homes to help ease the UK housing crisis.
OUT-LAW NEWS
Data centre development in Ireland could stall as a result of legal action lodged by environmental activists, experts have said.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
