Notification of data-security breaches to be mandatory for all firms

What some term a ‘burden’, Viviane Reding, vice-president of the European Commission, defines as ‘necessary’. Following various high-profile cyber attacks, the European Commission (EC) has made it clear that firms have to make any security breaches public.

Reding spoke at the British Bankers’ Association (BBA) Data Protection and Privacy Conference, making it clear that the notification of data-security breaches was to be mandatory for all sectors.

At present, in Europe, only the telecommunications sector has had to report security breaches. The banking and financial services sectors are the reluctant ones with regard to the new conditions.

“I understand that some in the banking sector are concerned that a mandatory requirement would be a burden. However, I believe that an obligation to notify the public of a serious data security breach is necessary and would enhance consumer confidence,” Reding said.

Reding also believes it would act as an incentive for businesses to ‘conduct serious risk assessments,’ ensuring that personal data was protected by appropriate security.

The move appears to have been expected and, as Pete Gooch, privacy expert at business firm Deloitte, pointed out, organizations that already have excellent security controls will continue to spot breaches, whilst firms with poorer controls may be unaware of a problem occurring.

“This, rather ironically, means that organisations with poor controls may escape the watch of the regulators, while those with better controls come under more scrutiny,” said Gooch. “That is not to say that having poor controls is an appropriate response – the regulators will continue to examine every breach on a case-by-case basis.”

How will this extra scrutiny really affect businesses? And do the firms lacking in data security need to be pulled into line?


Chris Baker is the Global Sales and Marketing Director responsible for the expansion of Calsoft Enterprise Solutions internationally. Formerly co-owner of the acquired business Inatech, Chris has been responsible for developing and promoting the company’s position as a specialist in Oracle solutions within the global IT industry. Chris co-founded Inatech in November 2002, merging with Calsoft in 2008. In a career spanning 23 years, Chris has held influential positions at Accenture, Easams, and Marconi. He was a Member of the Oracle UK Consulting Board during his time at Oracle Corporation UK, where he spent 15 years. Chris has a Higher National Diploma in Computing Studies, with distinction, from Farnborough College.