Skip to main content

Europe warned of data breach notification legislation

The European Commission has published proposals for a change in law that would force telecoms firms to notify regulators and customers of all breaches of data security including, for example, lost laptops and stolen backup tapes.

A similar but more far reaching law in California has resulted in a deluge of notifications of data breaches by companies such as Time Warner and Bank of America. It may not be long before Europe follows suit, with regulatory and business drivers impacting more and more companies.

As the proposal stands, it forces companies to disclose when information or personal identities are at risk, allowing individuals to be informed and to take action. Unfortunately, this permits businesses to continue to put the onus on the individual to rectify problems caused by them, the owners of the exposed data source.

For far too long, large companies have been able to shrug their shoulders and say sorry, leaving the little guy to reclaim his identity or credit rating, which can take years and be a very painful process, through no fault of his own. There has to be some element of accountability for exposure of data. We need to encourage an ethos of ethical corporate responsibility.

Identity theft is not just a problem on the Internet; it can happen in much less visible ways. Thefts and losses of backup tapes mean that large volumes of personal information such as, mother’s maiden name, date of birth or national insurance number are exposed to potential misuse at any time in the future.

Companies need to do more to protect themselves and their customers against losses of personal data to avoid damage to corporate reputations by being exposed under this proposed legislation. According to Rich Mogull, Research Vice President for Gartner, key ways for companies to safeguard personal data are:

1. deploy content monitoring and filtering (CMF)

2. encrypt backup tapes and (possibly) mass storage

3. secure workstations, restrict home computers and lock portable storage

4. encrypt laptops

5. deploy database activity monitoring

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.