EU data breach notification law under advisement
The recent onslaught of cyber attacks against a variety of companies big and small, and the consequent compromises of the user information they gather, have led the European Commission to think about reviewing the European Union’s personal data breach notification laws.
According to ComputerWorld, the current ePrivacy Directive instructs ISPs and telecom providers to keep user data safe, to notify users if some of that information has been compromised, and to inform the relevant national authority of the incident.
But, as national laws sometimes collide with those imposed by the European Union, the ultimate goal is to create a law that would be the same for all Member States.
So from now until the 9th of September, the Digital Agenda Commissioner Neelie Kroes has called on telecoms operators, ISPs, Member States, data protection authorities, national regulatory authorities and consumer organizations to share their opinions about the possible changes to the law in question – especially when it comes to issues like an acceptable timeframe for notifying breach victims, what these notifications should contain and when they are required.
Also a matter of discussion is the proposal of Justice Commissioner Viviane Reding to include social media and video games companies, online banking providers and companies behind shopping sites in the group of businesses that should abide by the new law.