Shortly after the break-up of Parliament was announced, the
House rejected a last-minute attempt to amend the Private Security
Industry (PSI) Bill by 315 votes to 111. It now awaits Royal Assent
upon which it will become an Act of Parliament.
The government has said it will consult with the Department of
Trade and Industry on how the new law should apply to IT security
consultants. The Bill defines "security consultant" as anyone
giving advice about "security precautions in relation to any risk
to property," meaning it could catch systems administrators who
configure and maintain computer access controls, and programmers
and consultants who typically work on a wide range of system tasks
including information security.
Despite rejecting the proposed amendment, Home Office minister
Charles Clarke has caused confusion by saying: “It is our
fundamental principle to ensure the Bill is targeted at those
specialist providers of security services who we have indicated we
want to regulate, and that we do not inadvertently catch groups
that are not relevant to our policy aims.”
The Confederation of British Industry (CBI) has pointed out that
the new law is contrary to the E-commerce Directive which must be
implemented in the UK by 17th January 2002. It provides that Member
States must “ensure that the taking up and pursuit of the activity
of an information society service provider may not be made subject
to prior authorisation or any other requirement having equivalent
effect.”
The CBI observes that a requirement on IT security professionals
to seek licences constitutes “prior authorisation” under the
Directive.
