

| ISACA | 10 Jun 2010 |
ISACA leader welcomes Irish Data Protection Commissioner's proposals on data theft or loss notifications
Rolling Meadows, Ill., US (10th June 2010)— ISACA International Vice President Rolf von Roessing, CISA, CISM, CGEIT, has applauded the actions of Ireland's Data Protection Commissioner in publishing a draft code of practice that requires incidents involving the theft or loss of personal data relating to more than 100 people to be notified to its office.
"The Irish commissioner has reportedly published the draft code in response to the recent recommendations of the data protection review group established by Dermot Ahern, the Irish Minister for Justice," said von Roessing.
"As well as proposing that organisations be mandated to report data losses and thefts involving more than 100 people, the draft code also proposes mandatory notifications of all types where sensitive personal or personal financial data is involved," he added.
According to von Roessing, the proposed code of conduct formalises the situation regarding data losses or thefts in the Republic of Ireland and, as such, will act as a reference model for other European countries.
The proposal effectively draws a line on the responsibility of managers of organisations which are handling data involving people's personal records, and that includes human resource records.
This means, says ISACA's international vice president, that most larger businesses in Ireland will have to report data thefts of most types as they occur, should the code of conduct be ratified as an Act.
Identity theft, says von Roessing, has now become a serious cybercrime problem, with criminal gangs selling personal data between themselves like never before.
"When the UK's ICO announced in January of this year that he was increasing the penalties for data breaches and losses to 500,000 pounds, we welcomed those changes, noting that it is a major worry for responsible citizens to find that their private data - or even worse, that of their family - has been released into the public domain," he said.
Security issues such as identity theft, job application refusals and all manner of public embarrassment can result from the disclosure of private data, he went on to say, adding that what can be shrugged off by one person can result in major concerns for another.
"It has been more than 25 years since the original UK Data Protection Act came into force, and since then, computers and the Internet have changed our lives largely for the better," von Roessing said.
"The same is true for Ireland and most other countries and this is why we welcome this proposal by the Irish Data Commissioner's Office, as it formalises what has been best practice in many organisations to date," he added.
For more on the Irish Data Protection proposals: http://bit.ly/byhClz
To access free guides on information security governance from ISACA, a not-for-profit IT security, risk and governance association with nearly 90,000 members worldwide, visit http://www.isaca.org/security.
For more on ISACA: www.isaca.org
About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.