Following the publication of the revised Draft Investigatory Powers Bill, which proposes service provider companies store even more personal data to be accessed by the authorities. Experts from 8MAN and teckUK have the following comments on it.
Jens Puhle, UK Managing Director at 8MAN:
“By expanding the collection of web browsing data and other information, the amount of data that needs safeguarding when Draft Investigatory Powers Bill is signed off is massive. Companies like BT and Sky will be required to store and protect considerably more customer data than their current operations.
“All eyes are on how the authorities will access this data, but companies must also contend with threats from within. The implications of this are huge and could potentially lead to a large scale loss of data, whether by human error or intentional theft. Even senior management are now high on the list of “insider thieves”, with PwC recently finding that half of all instances of company fraud are committed by staff aged over 40.
“Trusted insiders are the most difficult threat to data to identify and catch, so all organisations impacted by the bill must ensure they have the right technology and policies in place to get in control of how their data is accessed. This is not an easy task on such a scale, but is absolutely necessary if service providers are to keep the new wave of new data in their systems safe.”
Antony Walker, Deputy CEO of techUK:
“The test now is to understand if the amendments made address the very serious concerns that have been laid out by the tech industry and three Parliamentary committees.
“This is a complex Bill, with significance for all of us. Parliamentarians must have time necessary to subject it to the “maximum parliamentary scrutiny” the Home Office has promised.”
As more details emerge, tech companies are urgently seeking to understand what is being asked of them and the implications for their business, their customers and the security of our digital economy.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.