U.K. Considering Sarbanes-Like Rules

In the wake of an unprecedented loss of a government database containing confidential information about tens of millions of people, British legislators are reportedly considering new data-protection safeguards.

Possible changes in the law being discussed would hold company chief executives directly responsible for data protection and make it a crime to mishandle confidential information about individuals, reports the London Times.

The changes are likely to be fiercely opposed by companies that handle large amounts of confidential information about individuals, such as banks, search engines and telecommunications companies. In particular, a U.S.-style reporting requirement reminiscent of what American companies must do under Sarbanes-Oxley Act will not be popular, the newspaper predicts.

Says Paula Barrett, a partner at Eversheds: “This has strong echoes of the Sarbanes-Oxley legislation in the U.S., which led to a frenzy of audit activity.” The sweeping changes under consideration, she tells the Times, should "send shivers" down the spines of company executives.

The British government's loss of a database containing the personal information of 25 million people was reported last month and is discussed in an earlier ABAJournal.com post.