To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/government/0,39024677,11018731,00.htm

Powergen scandal: E-minister calls for written explanation

By Lisa Burroughes

Published: Tuesday 25 July 2000

The UK minister for ecommerce, has said she wants to see a full explanation from Powergen over the security breach which left the debit card details of 7,000 customers lying unprotected on the UK utility's web server.

Despite initial reluctance from the government to take a stand on the company's accountability, Patricia Hewitt said she is taking the incident very seriously and hopes it will be a warning to other companies embarking on ecommerce.

Speaking in London at a forum for women doing business in ecommerce, Hewitt said: "It's a wake up call to businesses to get their security in order. And security isn't just about the software, it's about the people and processes and things go wrong in the offline world as well as the online world. But the Data Protection Commissioner (DPC) has already written to Powergen for an urgent explanation of what happened. We have very strict laws about protection of personal data and companies need to make sure that they are complying with the law."

The government had initially been reluctant to make a stand on Powergen's accountability for the security breach. And the Data Protection Commissioner (DPC) said last week it was unable to follow up complaints from the company's customers because it had a three to four-week backlog.

The DPC is expecting a response from Powergen in the next couple of weeks. However, Phil Jones, assistant registrar, said he didn't think the explanation would lead to any further action.

"The main area of clarification will be how quickly they [Powergen] accepted that there was a problem. It could be that the weakness might not have manifested itself immediately - that they checked and couldn't see a problem and then it was later proven," Jones said.

Regardless of the outcome of the explanation, Hewitt admitted that similar incidents in the future could be prevented if we had digital signatures. "Digital signatures will help to break through this and I think one of the next big priorities of the government is to work with the private sector using the Ecommerce Act that is now in place and spread the usage of digital signatures."