Monday, October 27, 2008

Data Security Breach notifications in sight

Courtesy of Pogo and Vnunet comes this recent news on European data breach notification laws (part of the amendments to the Telecommunications framework at a European level):

European data breach notification laws applying to all online information service providers could be in force by 2011, according to the European data protection supervisor Peter Hustinx. The current data breach notification proposals apply to just ISPs and telcos, but Hustinx backed calls for the law to apply to all “information service providers, including banks and medical sites”. He added, “I would welcome this as fair and in line with reality.”

Speaking at the RSA Conference Europe show in London, which kicked off today, Hustinx explained that the proposals are still open to change, as the Council of Ministers and parliament are working on slightly different texts. “We will probably have some threshold [for disclosure] but a very low one, and notification will be to users and authorities,” he said. “There is also likely to be some variation on the basis of individual member states, which will be a challenge.”

Hustinx added that if the current proposals are adopted in spring 2009, they could become law two years after that. Hustinx also argued that the UK government should consider giving its data protection watchdog, the Information Commissioner, greater powers in order to “restore confidence” in public sector handling of data [the Criminal Justice and Immigration Act 2008, s 77 and s 144 already strengthen remedies for the ICO].

