With recent changes in data protection law taking effect, European Commission Vice President and Justice Commissioner Vivane Reding has pushed to establish mandatory requirements for firms to notify authorities in case they lose customer data during a security breach.
“I intend to introduce a mandatory requirement to notify data security breaches – the same as I did for telecoms and internet access when I was telecoms commissioner, but this time for all sectors, including banking and financial services,” said Reding, V3 reports.
According to Reding this will create an atmosphere where firms can conduct risk assessments for protecting personal data and implementing appropriate security measures which would improve customer trust.
Reding also said that the commission has consulted with experts and stakeholders and has taken detailed suggestions for enactment of the new law. The Information Commissioner's Office (ICO) welcomed the proposal but at the same time warned that a clear strategy is required from the EC to make the new law work.
Security analysts have largely hailed the effort as a positive move but they also warn that it is not a silver bullet for protecting user data.