A bill passing through parliament will, if passed in its present
form, mean that security consultants will need a licence to
continue working in the UK. Yet the bill is designed to solve
problems with rogue wheel-clampers and bouncers.
A Standing Committee for the Private Security Industry (PSI)
Bill this week voted against proposed amendments to exempt IT
security experts from the law’s scope which defines "security
consultant" as anyone giving advice about "security precautions in
relation to any risk to property."
The wording could catch systems administrators who configure and
maintain computer access controls, and programmers and consultants
who typically work on a wide range of system tasks including
information security.
Committee member Charles Clarke MP denied that computer
consultants are under threat of licensing, but added that “issues
need to be explored with regard to confidence in the information
security consultancy industry.”
The Confederation of British Industry (CBI) has pointed out that
the Bill is contrary to the E-commerce Directive which must be
implemented in the UK by 17th January 2002. It provides that Member
States must “ensure that the taking up and pursuit of the activity
of an information society service provider may not be made subject
to prior authorisation or any other requirement having equivalent
effect.”
The CBI observes that a requirement on IT security professionals
to seek licences constitutes “prior authorisation” under the
Directive.
The Bill has now passed the first and second readings and
committee stage in the Commons.
