Data Protection Bill updated to protect security researchers

Data Protection Bill updated to protect security researchers

An amendment will be made to the Data Protection Bill in order to protect security researchers when carrying out their investigative work.

The additional clause to the bill has been introduced by the government to protect security researchers that carry out ‘effectiveness training’ on the anonymity of data sets and who work to uncover abuse of personal data.

Security researchers work to ensure that data sets are sufficiently anonymous, to protect the public and if their research concludes the data sets are too easily identifiable it puts individuals at risk of data being taken by criminals such as hackers.

When the bill was first introduced in August last year, it brought concern to security researchers that they could fall into breach of the bill conditions due to their job roles but the new amendment takes away this concern.

Now, the government will make it a criminal offence to anyone who intentionally or recklessly re-identifies individuals from anonymous data such as hackers.

Under the amended clause, in order for security researchers to be protected, they must prove that they acted with the intent to test the effectiveness of de-identification of personal data, not for personal gain, without the intent to cause harm to the owner of the data.

Additionally, a second condition is that the individual must notify the Information Commissioners Office (ICO) about the action within 72 hours of doing so. If these conditions are not met, then the individual will face a hefty fine.

“We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data,” Matt Hancock, the New Culture and Digital Secretary, said according to The Guardian.

ICO fund research into privacy and data
FTSE, Fortune firms still not GDPR ready
The Public Sector in 2018

The amendment to the bill brings comfort that data will be sufficiently protected and that the government will be able to more easily identify who is trawling through data sets, possibly identifying hackers at an earlier stage as they would not comply with the conditions.

Another benefit to the amendment is that the ICO can have inadequately anonymous data flagged to them, in order to better protect the data and the individual.