Demands for new law on data loss
By Josephine Cumbo
http://us.ft.com/ftgateway/superpage.ft?news_id=fto082920082234007818&referrer_id=yahoofinance

Consumer groups are calling on the government to compel banks and business to notify customers when their personal data has been put at risk by a security breach.

The call, by the National Consumer Council, comes after it emerged this week that computer equipment containing personal data of about 1m bank customers, such as account numbers and dates of birth, was sold on the internet auction website Ebay for £35 ($63, €43).

The incident, which is being investigated by the privacy watchdog, came to light after an IT manager who bought the equipment on Ebay reported the discovery to a newspaper.

"Unlike many states in the US, the UK does not have legislation compelling firms to alert their customers after unauthorised access to their personal data," said Anna Fielder, a senior policy officer with the NCC.

"The consequences of identity theft can be devastating both financially and emotionally for victims. That's why the law is needed."

Similar notification legislation, though applying only to data held by internet service providers, is being considered by the European Union, which could affect the UK, but campaigners want faster action.

"At the moment people are only reading about these breaches in the paper," said Ms Fielder. "A law covering all data providers would be an incentive for providers to improve their security."

Identity theft is one of the fastest-growing crimes in the UK, with more than 100,000 victims each year, and ID fraud costing the economy £1.7bn annually, according to Home Office estimates.

This latest security breach involved Royal Bank of Scotland and NatWest customers whose data were stored on a computer taken without permission from an archiving business. RBS was on Friday still investigating the extent of the breach.