Online gambling operators face new standards on information security and on displaying betting histories

The regulator endorsed a subset of the International Organization for Standardization (ISO) standard ISO 27001, including those relevant to information security incident management, in a response (52-page / 469KB PDF) it issued to an earlier consultation it held on new regulatory technical standards (RTS).

"This new provision aims to ensure a consistent and effective approach to the management of information security incidents," the Commission said in its paper. "This would include ensuring adequate preparations are in place to rapidly respond to incidents and determine the appropriate communication."

The new information security standards endorsed by the Gambling Commission are also intended to ensure customer data used when operators are developing new websites or apps cannot be easily compromised.

The Commission also confirmed that it will press ahead with plans to require online gambling operators to make it easier for customers to review their "gambling history".

Under the plans, the operators will be required to give consumers "immediate access to three months history" without them having to specifically ask for the information. Operators will also be obliged to provide the customers with details of at least 12 months' worth of their gambling history with them where those customers request the information.

"The ability to request such information should be made clear to customers and the information should be provided as soon as is practicable," the Commission said. "This does not fundamentally change the current RTS requirements rather it just clarifies the minimum for which gambling and account history should be made available."

"The level of detail for historical account and gambling information specified in the existing RTS guidance remain unchanged i.e account history will show deposits, withdrawals and bonuses applied; betting should include the results of each bet; and gaming should provide summary information (preferably broken down per gaming product) when it is not possible to provide the full information," it said.