Data Breaches (Consumer Protection) Debate

Full Debate: Read Full Debate

Data Breaches (Consumer Protection)

John Nicolson Excerpts
Monday 26th October 2015

(9 years ago)

Commons Chamber
Read Full debate Read Hansard Text

Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.

Each Urgent Question requires a Government Minister to give a response on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Lord Vaizey of Didcot Portrait Mr Vaizey
- Hansard - - - Excerpts

I am delighted that the Chairman of the Select Committee will conduct an inquiry into data protection. I am sure that the inquiry, particularly the findings that come out of the report, will be extremely valuable. It has to be said that companies should encrypt their information. There has been some misinformation that the Government are somehow against encryption.

John Nicolson Portrait John Nicolson (East Dunbartonshire) (SNP)
- Hansard - -

Wednesday’s cyber-attack on TalkTalk has illustrated the problems faced by a Government who have failed to protect the interests of consumers through their lightweight regulation of telecoms. For the third time in less than a year, the 4 million customers of TalkTalk have had their confidential details compromised and, once again, the Government and TalkTalk have fallen short in their response.

TalkTalk has attempted to downplay the impact of the attack on its website, stating that the core system was not affected, but that ignores the broader use of personal data in fraud and identity theft. It is estimated that the value of a credit card number to a criminal increases by 500% when combined with the personal details of the individual. Although credit card numbers expire and can change, self-evidently people’s names, addresses and dates of birth do not. Once a criminal has those details, they can use them for numerous purposes. TalkTalk is clearly not taking that seriously enough.

In the United States, AT&T was fined £17 million for failing to protect customer data. In the United Kingdom, the ICO can only place fines of up to £500,000. For a company that received an annual revenue of nearly £1.8 billion, a fine that small will clearly not be terrifying. The regulation of telecoms must be strengthened to protect consumers.

Does the Minister agree that telecom providers must be held fully responsible for failing to protect confidential data? Regulation needs to be strengthened to ensure that; I am afraid that free counselling from TalkTalk is meaningless twaddle.

Lord Vaizey of Didcot Portrait Mr Vaizey
- Hansard - - - Excerpts

I thank the hon. Gentleman for that extensive question. As I said earlier, the Information Commissioner’s Office will obviously look at this data breach. It has extensive powers to take action and, indeed, to levy significant fines. The Government are always open to suggestions about how that could be improved. As I said in an earlier answer, I will certainly meet the Information Commissioner to look at what further changes may be needed in the light of this data breach.