Security

Policy actions sorted A-Z.

Create a certification mark for transparency, privacy and security

Products that meet certain requirements of transparency, privacy and security are awarded a certification mark so that people know they can trust the product.

Related policy actions: Certification, Choice and competition, Education and awareness, Markets, Privacy, Security

Enable people to view access history of data held about them

People can access a history of who has viewed data held about them, so they can understand what is happening to their data and spot fraud and misuse.

Related policy actions: Data protection, Fraud, Personal data, Redress, Regulation, Security, Transparency

Establish a vulnerability information service

Create a central database of known software vulnerabilities. This will allow consumers to know what products and services are affected, and help developers fix vulnerable code. Software security research firms typically publish their findings publicly and have a unique vulnerability identifier attached to their work.

Related policy actions: Disclosure, Open data, Security, Transparency

Make recommendations for safe software development

Government and technical organisations should recommend best practices to developers to ensure safety, particularly in environments where computers have control over the physical environment. Existing guidelines are biased towards space and nuclear science, but there will be a need for consumer advocacy here as self-driving cars near readiness for everyday use.

Related policy actions: Algorithms, Disclosure, Education and awareness, Infrastructure, Security, Transparency

Offer a privacy and security advisory service for companies providing digital services

A team or service exists to inform companies about best practices for digital security, consumer privacy and consent models.

Related policy actions: Data protection, Education and awareness, Privacy, Security

Promote good security practices through a public campaign

Promote best practices, such as strong passwords and two-factor authentication, to improve public understanding of digital security.

Related policy actions: Education and awareness, Privacy, Security

Publish digital product recall notices

Software vulnerabilities are included in product recall notices, which are maintained and made available as open data, so that consumers are aware when they own an unsafe digital product.

Related policy actions: Disclosure, Infrastructure, Open data, Security, Transparency

Regulate Internet of Things devices

Regulators should be able to compel manufacturers to follow standards for privacy and security when designing Internet of Things (IoT) devices, in the same way that regulators mandate that electrical safety standards are followed. This is important for consumers, because IoT devices collect so much data about a person and their surroundings and privacy considerations are poor at present.

Related policy actions: Infrastructure, Privacy, Regulation, Security

Require services to monitor for consumer fraud

The law requires services to monitor for suspicious authentication, for example signing in from another country, so fraud and data theft can be prevented.

Related policy actions: Disclosure, Fraud, Personal data, Security

Require the reporting of data breaches

Data controllers are compelled to publicly report data breaches so that the public knows when they have occurred and can take action where possible, and to incentivise data controllers to maintain secure data handling practices.

Related policy actions: Data protection, Disclosure, Personal data, Privacy, Regulation, Security, Transparency

Require the use of multi-factor authentication

The law requires the use of strong customer authentication for certain kinds of service.

Related policy actions: Data protection, Personal data, Regulation, Security

Set and enforce data security standards

Government or industry bodies agree a set of standards for securing specific data and transaction types so that people can expect a minimum level of security.

Related policy actions: Data protection, Personal data, Privacy, Security

Set design standards for digital public services

Create and publish a set of design standards to promote best practices, accessibility and familiarity between digital public services.

Related policy actions: Security, User experience

Set minimum periods for which software updates must be provided

Set a minimum period during which manufacturers must provide software updates, so that customers are reasonably protected against software vulnerabilities without having to make new purchases.

Related policy actions: Data protection, Security, User experience

Stipulate when services must encrypt data at rest

Set rules that require data to be encrypted when it’s stored by a data controller to mitigate the risks of a data breach.

Related policy actions: Data protection, Privacy, Security

Stipulate when services must encrypt data in transit

Set rules that require data to be encrypted when sent across the internet to prevent it from being intercepted by an unauthorised third party.

Related policy actions: Communications, Data protection, Privacy, Security
