EU eyes board with 24 hr data breach notifications

And fines up to 2 per cent of global turnover.
  • Liam Tung (CSO Online)
  • — 24 January, 2012 09:18

A tough new European data privacy regime, set to be unveiled this week, contains proposed penalties that appear certain to elevate privacy and security to the board room.

The European Commission will Wednesday outline a major overhaul of Europe's 1995 Data Protection Protective, proposing that companies with European operations be given just 24 hours to notify customers of a data breach, Bloomberg reported.

EU Justice Commission Viviane Reding outlined parts of the proposal at the Digital Life Design conference in Munich, Germany last weekend, ahead of the January 28 Data Privacy Day.

If the proposal passes, possibly by next year, it could spell the end to the practice of keeping an incident secret until initial investigations have been completed.

However, the proposal is expected to be met with stiff opposition, with Microsoft’s Europe chief operating officer telling the Financial Times the measures were “too prescriptive”.

While Sony was criticised for keeping its massive breach a secret for six days, more recently US security intelligence firm, Stratfor, revealed it did not inform customers of its breach until a month after the incident, citing an ongoing FBI investigation as its reason.

If passed, the new rules will apply to any organisation that manages a database of personal records and are intended to become standard legislation for Europe's 27 member nations, according to a draft proposal obtained by the Financial Times.

The draft also revealed fines, for companies that breach the legislation, of up to 2 per cent of their global turnover.

Under the proposal individuals should also be offered the "right to be forgotten" and a "right to data portability", Reuters reported.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Akamai admits its OpenSSL patch was faulty, reissues keys

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security That Fits

Improve the effectiveness of your security or get unique network threat discovery and remediation

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.