The House of Lords Science and Technology Committee released its long-awaited follow-up report to its 2007 document on personal internet security earlier this month. But although government attitudes to some of the issues have softened, there appears to still be a long way to go before any of the recommendations are acted on.

“We acknowledge that, following the government’s disappointing response to our report, they have reflected further and, with regard to some of the issues we raised, there has been some progress towards meeting our concerns,” the report concluded. “What progress there is, however, appears to be slow.”

The main recommendations in the follow-up report are:

• The introduction of a data breach notification law.

• A return to old fraud reporting laws whereby the first point of contact is the police, not the banks.

• New laws to place liability for losses through online fraud on the banks.

The Lords maintained that current Banking Code rules are not sufficient as they allow the banks to claim that customers have been negligent in fraud cases.

“We have significant concerns about the way in which complaints of online banking fraud are currently handled and, in particular, the basis on which the banks determine that an alleged fraud is to be attributed to the customer, whether by fraudulent or negligent activity,” said the report.

The committee was given evidence suggesting between 1,000 and 10,000 individuals have been denied compensation.

On the issue of fraud reporting, the report is critical of the government for doing little to address concerns about the current system, whereby fraud victims must report to their banks in the first instance, rather than the police. “We were concerned about reporting fraud in this sequence on the grounds that the decision of the banks to pass a report to the police might be influenced by commercial factors,” said the report.

Committee member Lord Broers argued that it was “encouraging that the government has come round slightly in this issue” by saying it will look at the problem again.

But others argued that police are currently ill-equipped to deal with handling fraud cases. Simon Heron, managing director of network security vendor Network Box, said that law enforcement suffers from a lack of funding and is not interested in small incidents of online fraud.

“If they come across a multimillion pound internet fraud case then they can push it up to the Serious Organised Crime Agency, but my impression is that the small and damaging incidents are not under control,” he said. “Internet crime is just not taken seriously, ­ the people making the decisions are not aware of the commercial ramifications a lack of confidence in the internet could cause.”

The Lords also renewed calls for US-style data breach notification legislation to
be enacted in the UK.

Richard Turner, chief executive of content security vendor Clearswift, said that firms that clearly communicate to their customers what information they gather and store, and what will happen in the event of a breach, could use that as a competitive differentiator.

“Without this legislation there won’t be the constant driver for the responsible and safe management and collection of information,” he added. “As a custodian of someone’s information, you have an absolute obligation to tell that person as soon as you find out.”