BreachExchange mailing list archives

Europe Weighs Requiring Firms to Disclose Data Breaches


From: Richard Forno <rforno () infowarrior org>
Date: Thu, 17 Jan 2013 09:56:09 -0500


Europe Weighs Requiring Firms to Disclose Data Breaches

By KEVIN J. O’BRIEN

BERLIN — To combat a rise in cybercrime, the European Commission is considering a plan to require companies that store 
data on the Internet — like Microsoft, Apple, Google and I.B.M. — to report the loss or theft of personal information 
in the 27-nation bloc or risk sanctions and fines.

The proposal, which is being drafted by Neelie Kroes, the European Union’s commissioner for the digital agenda, aims to 
impose, for the first time, E.U.-wide reporting requirements on companies that run large databases, those used for 
Internet searches, social networks, e-commerce or cloud services. The proposed directive would supplant a patchwork of 
national laws in Europe that have made reporting mandatory in Germany and Spain, but voluntary in Britain and Italy.

While European lawmakers are trying to limit cybercrime, the plan by Mrs. Kroes has generated controversy because it 
would extend the obligation to report data breaches beyond traditional compilers of customer databases — telephone, 
transport and utility companies.

The technology industry supports the idea of a more systematic approach to the flagging of security breaches, but says 
the proposal needs more specific guidelines to ensure that notifications are required only when necessary and useful to 
consumers.

< - >

http://www.nytimes.com/2013/01/17/technology/17iht-data17.html

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
