With the UK Government’s logic on personal internet security and data breach laws (click HERE), it seems that they might as well be deregulating their drinking water distribution systems. A set of recommendations from a House of Lords Science and Technology Committee study was almost completely discounted by the government.

What would happen if a city’s drinking water distribution system developed a major leak, or had significant breaches? Or what if a major contamination entered the supply?

Information is like fresh water for today’s economy. The supply has to be available and clean.  When there is a leak, the community loses money.  If any of these core values are threatened, the system owner is supposed to notify the people affected and take responsible action. They would need to investigate to find the root cause of the problem, plan for corrective action and report to the customers on how everything was done according to policy and procedures.

“We are… clearly not so convinced as the committee that [a data-breach notification law] would immediately lead to an improvement in performance by business in regard to protecting personal information, and we do not see that it would have any significant impact on other elements of personal internet safety,” said the government response.

It seems that the UK Government is either: (1) not convinced of the value and criticality of information as it relates to both the economy and personal safety, (2) not convinced of the likelihood of the threats being carried out, or (3) not convinced that data breach laws and other recommended safeguards have had any positive effect in other jurisdictions.

So, I would recommend considering the following:

1) Historical data on losses - There is no shortage of evidence showing an increase in data breaches around the world. (Just do a search in Google for “data breach report” and view the 1.7 million hits).

2) Sensitivity or business continuity analysis - It is necessary to look at each type of information and business system to see what the impact of compromise could be. You can only do this with the help of people who have intimate knowledge of the subject information, stakeholders and systems.

3) California Senate Bill 1386 - The most visible breach notification law in the world, passed in 2002, is having a transformational effect on businesses and government legislation around the world. It’s coming to an agenda near you.

All this to say that if we treated information more in the way we treat precious, critical infrastructure commodities such as water, I believe we’d be a lot further ahead. Even home users should be concerned about this type of legislation, as it is their participation in the economic system that makes them a stakeholder.

Let’s hope there is more debate in the UK, and that they come to use their national economic leadership position in a more responsible way.