Out-Law / Your Daily Need-To-Know

MPs open inquiry into online data security following TalkTalk breach

05 Nov 2015, 12:13 pm

The security of personal data online is to be examined in a UK parliamentary inquiry following the recent cyber attack on TalkTalk.

The Culture, Media and Sport Committee said the TalkTalk incident "gives rise to questions and concern over the ways companies store and secure information about their customers".

Last month TalkTalk reported that it had been the subject of a significant and sustained" cyber attack which had potentially exposed the data it held on all 4 million of its customers to the hackers. It later confirmed that a data breach had occurred but affected fewer customers than had initially been feared.

The Culture, Media and Sport Committee said it would use its new inquiry to find out more about the circumstances surrounding the TalkTalk data breach, including the nature of the cyber attacks on TalkTalk's website and the way the company responded to the incident.

The "wider implications for telecoms and internet service providers" will also be assessed, it said.

The Committee wants to understand more about "the robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers’ personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats", it said.

Other issues the Committee wishes to look into include "the nature, role and importance" of encryption in data security and whether "the supervisory, regulatory and enforcement regimes" are adequate to ensure companies address the cyber crime threat sufficiently.

The Committee said it will also review "the redress mechanisms and compensatory measures" that can be engaged when data breaches happen, and look to gather evidence on the "likely future trends in hacking, technology and security".

Stakeholders wishing to submit their views on the issues can do so in writing up until 23 November. The Committee said it expects to host evidence sessions as part of the inquiry later this month.

Committee chair Jesse Norman said: "The recent events have highlighted serious issues relating both to existing cyber-security and the response to cyber-crime. This Committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet service provider, but with the recent move of the Information Commissioner’s Office to DCMS, we will also be looking more widely at the security of personal information online."