The Information Commissioner’s Office (ICO) has recommended that communications providers submit a list of data breaches every month.
In updated guidance for businesses, the ICO said that while this would help tackle the problem, the more significant breaches needed to be disclosed as soon as they have happened.
There is already European regulation that stipulates comms providers must detail any breaches, but until now there had not been a specific time frame, in spite of the regulations being updated this year.
Claire McCracken, a data expert at law firm Pinsent Masons, said: “Whilst the regulations provide for an inventory of personal data breaches to be maintained by service providers, the guidance goes further than this and recommends that the log is sent to the ICO on a monthly basis.
“This will avoid duplication of work for the organisation concerned and ensure compliance with the obligations under the amended regulations," she said.