A rule that you will have to notify the authorities of data security breaches has been proposed by Viviane Reding Vice-President of the European Commission, and European Union Justice Commissioner.
It would be part of what she called ‘a data protection regime fitted to our new age’.
She was speaking on June 20 at the British Bankers’ Association’s Data Protection and Privacy Conference. She said: “We often hear from citizens who are concerned about the security of their personal data, especially in online transactions. This was also one of the main concerns individual users raised in the public consultation.
“Only recently, we witnessed a massive security theft in online gaming services affecting millions of users around the world. This incident highlights why companies need to reinforce the security of the information they hold. Frequent incidents of data security breaches risk undermining consumers’ trust in the online economy.
“Companies should beef up their precautions against identity theft and better protect consumers’ personal data. They should immediately notify breaches of data security and confidentiality.
“I intend to introduce a mandatory requirement to notify data security breaches – the same as I did for telecoms and internet access when I was Telecoms Commissioner, but this time for all sectors, including banking and financial services.
“I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden. However, I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.
“It would also create a stronger incentive for business to conduct serious risk assessments to protect personal data and to implement the appropriate security measures protecting the confidentiality, the integrity and the availability of personal data.
She said that the EU will finalise proposals for revising the EU data protection legislation in the coming months. “As I said earlier, we have consulted widely on this major reform of data protection in the EU, and we have taken into account many suggestions and concerns of experts and stakeholders. During my visit to London, I will have the opportunity to discuss our proposals with Justice Secretary Kenneth Clarke who gave a very thoughtful speech on EU data protection reform in Brussels last month.
She went on to discuss the ‘cloud’. She disputed that data in cross-border and cross-continent flows is impossible to regulate. “This is not my vision of the future. I agree with those businesses arguing that regulation would be feasible if we make them more accountable! This is why I am considering the inclusion of the "accountability principle" in my reform so that data of citizens exported to third countries is always exported with their rights attached.”
