UK agencies to collaborate on data breach response
The UK’s National Cyber Security Centre (NCSC) and Information Commission Office (ICO) have agreed to collaborate on an improved approach to responding to data breaches.
Under the new agreement, the terms of which were outlined at the recent NCSC annual conference CYBERUK, the agencies will work to improve victim support and enhance cyber guidance for organisations and the community.
The NCSC was established to manage cyber incidents such as attacks on nationally significant organisations, while the ICO is the independent regulator for the monitoring and enforcement of the EU General Data Protection Regulation (GDPR).
Under the agreements, the NCSC has agreed to engage directly with victims to understand the nature of the incident and provide free, confidential advice on impact mitigation, and will encourage the impacted obligations to meet their requirements to report incidents to the ICO.
The ICO will meanwhile focus on early-stage risk mitigation steps, and will work to ensure that affected organisations have adequately protected any personal data put at risk by the incident and are meeting their legal responsibilities to individuals impacted.
Both organisations will share anonymised information to help assess the risk of an incident, and will work to amplify each other’s communications and advice to organisations and individuals.
“This framework will enable both organisations to best serve the UK during data breaches, while respecting each other’s remits and responsibilities,” NCSC Chief Executive Ciaran Martin said.
“The development of this understanding is as a result of a constructive working relationship between our organisations, and we remain committed to an open dialogue on strategic issues.”
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
The machine identity gap putting public sector data at risk
While there is an increased focus on AI and secure data access, many agencies still lack a...
Access management remains a major problem at many Australian councils
As AI starts to be used more widely in the local government sector, further granularity around...
Australia's next Budget must treat cyber resilience as essential infrastructure
The federal Budget needs to make cyber resilience a core investment priority across AI...
