UK agencies to collaborate on data breach response
The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have agreed to collaborate on an improved approach to responding to data breaches.
Under the new agreement, the terms of which were outlined at the recent NCSC annual conference CYBERUK, the agencies will work to improve victim support and enhance cyber guidance for organisations and the community.
The NCSC was established to manage cyber incidents such as attacks on nationally significant organisations, while the ICO is the independent regulator for the monitoring and enforcement of the EU General Data Protection Regulation (GDPR).
Under the agreement, the NCSC will engage directly with victims to understand the nature of the incident and provide free, confidential advice on impact mitigation, and will encourage the impacted organisations to meet their requirements to report incidents to the ICO.
The ICO will meanwhile focus on early-stage risk mitigation steps, and will work to ensure that affected organisations have adequately protected any personal data put at risk by the incident and are meeting their legal responsibilities to individuals impacted.
Both organisations will share anonymised information to help assess the risk of an incident, and will work to amplify each other’s communications and advice to organisations and individuals.
“This framework will enable both organisations to best serve the UK during data breaches, while respecting each other’s remits and responsibilities,” NCSC Chief Executive Ciaran Martin said.
“The development of this understanding is as a result of a constructive working relationship between our organisations, and we remain committed to an open dialogue on strategic issues.”