The Labour Government announced two new tech-focused Bills in its King’s Speech back in July 2024. Both are aimed at providing additional security for people and businesses within the tech space.

The Digital Information and Smart Data Bill (DISD)

In its background briefing paper to the new legislation proposed in the King’s Speech the Government stated that the DISD would:

“…enable new innovative uses of data to be safely developed and deployed and will improve people’s lives by making public services work better by reforming data sharing and standards; help scientists and researchers make more life enhancing discoveries by improving our data laws; and ensure your data is well protected by giving the regulator (the ICO) new, stronger powers and a more modern structure. These measures start delivering on the Government’s commitment to better serve the British public through science and technology.”

The former Conservative Government introduced the Data Protection and Digital Information Bill (DPDI), but it failed to pass in the legislative ‘wash up’ when Parliament was dissolved before the July General Election. Many of the proposals in the DISD Bill are similar to those proposed in the DPDI Bill, for example, plans to ease restrictions on processing personal data for scientific research purposes and to modernise and strengthen the Information Commissioner’s Office (ICO). However, many changes proposed by the DPDI Bill have not been included in Labour’s DISD Bill; notably, reducing reporting requirements, increasing the use of legitimate interest, and doing away with Data Protection Officers.

The main proposals of the DISD Bill are:

• Setting up Digital Verification Services. These are designed to make people’s everyday lives easier through innovative and secure technology. The services will support digital identity products and services from certified providers to help with things like moving house, pre-employment checks, and buying age restricted goods and services.
• Establishing a National Underground Asset Register, which is a digital map that will provide planners and excavators standardised, secure, instant access to the data required to carry our effective and safe work on underground pipes and cables.
• Developing Smart Data schemes. These are the secure sharing of a customer’s data upon their request, with authorised third-party providers.
• Electronically registering births and deaths.
• Establishing a Data Preservation Process that will provide access to data which is necessary for the investigation into the death of a child.
• The ability for scientists to ask for broader consent for the use of data for scientific research.

The Cyber Security Resilience Bill (CSRB)

Strengthening the country’s cyber defences in order to deliver growth is crucial to the Labour Government’s technology policies. The CSRB is designed to expand the scope of the existing regulations, increase the power of regulators, and increase reporting requirements so the Government has a better understanding of cyber threats.

The CSRB proposes to:

• Increase the scope of regulations to protect more digital services and supply chains. Existing regulations cover five sectors (transport, energy, drinking water, health, and digital infrastructure) and some digital services (including online marketplaces, online search engines, and cloud computing services). Any immediate gaps in the UK’s cyber security defences will be filled to ensure attacks such as the ransomware attack that hit the NHS in June 2022 cannot happen again.
• Introduce potential cost recovery mechanisms to provide resources to regulators and give them the power to look into vulnerable cyber security areas proactively.
• Making reporting of specific incidents mandatory to give the Government better data on cyber attacks, including where a company has been held to ransom.

Although the CSRB primarily relates to public services, attacks on these infrastructures impact the entire economy and can deter investors, thus negatively impacting growth.

How can my business increase its cyber security protection?

Labour’s new Bills are welcome additions to the country’s cyber security armoury; however, according to a recent report in the Evening Standard, British Telecommunications (BT) logs 2,000 signals of potential cyber-attacks every second.

“BT said its latest data on the issue showed a 1,234% increase in new malicious scanners across its networks over the last 12 months, and warned that the rise could be attributed to more cyber criminals turning to AI-powered, automated bots to scan for vulnerabilities in security systems as a way of evading tools designed to spot suspicious activity.”

Below are three ways you can manage your organisation’s cyber security risks.

1. Recognise that the risk is constant and; therefore, needs regular oversight and adjustment. Your business’s cyber security risk management plan must be reviewed regularly. Cybercriminals benefit from an organisation’s indecision and failure to implement adequate cyber controls.
2. Apply a risk-based approach to cyber security. At present, most organisations aim to achieve a desired level of maturity by putting in place wide-ranging capabilities and controls, such as implementing phishing training or enabling multi-factor authentication (MFA). This is known as a maturity-based approach to cyber security and can be extremely expensive. A risk-based approach, on the other hand, involves a business identifying significant vulnerabilities and targeting investment towards defending against such threats/risks.
3. Foster a security-first culture. Although criminals are getting smarter and bolder, the fact remains that most security breaches result from internal actions such as clicking on a phishing email, being slack when it comes to data security, and using weak passwords. Building a security-first culture means more than offering training; it involves everyone in the organisation from the top down understanding and prioritising the company’s cyber security requirements.

Getting legal help

Maintaining robust cyber security is an ongoing challenge for all organisations, regardless of their size and the market sector they operate in. If you have questions about points raised in this article, please do not hesitate to contact us.

To find out more about how our team can provide assistance with risk management, please email us at [email protected] or phone 0121 249 2400.

The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article, please contact 43Legal.