The Home Office's Call for Information on unauthorised access to online accounts and personal data - Which? response

Which? welcomes the opportunity to respond to the Home Office’s call for information regarding unauthorised access and its proposals for a ‘Cyber Duty to Protect’ (CDtP). As the UK’s consumer champion, we are concerned with the level of cybercrime being perpetrated against consumers described in the consultation. We are pleased that the government has signalled its intention to take action against unauthorised access to consumers’ accounts and personal data. In this response we will set out:

• Which?’s concern over the consumer harms of scams and fraud in the UK, and specific evidence on consumer behaviour around cybersecurity.
• Our support for the idea that businesses must reduce the burden of responsibility on the consumer to protect themselves online.
• Our view that all businesses, not just larger organisations, should hold that responsibility, and the importance of government support to enable this.
• Our understanding of the landscape of enhanced authentication methods for consumer facing accounts, and suggestions for the CDtP focus on this area.
• The importance of a joined up approach from Government in this area.