Data breach notification – coming to a Member State near you?

Despite the European Parliament voting earlier this week in favour of nearly all provisions of the European Telecoms Package (including those to implement a data breach notification regime), it is still unclear whether the Telecoms Package will need to go through another round of discussions in Europe before it will become law. This is because of a small snag in the form of one amendment proposed by the European Parliament on the fundamental rights of EU citizens.

This hasn’t stopped European Commissioner Viviane Reding from keeping ahead of the game by stating that she will be urging Member State to adopt more extensive data breach notification laws. These laws would extend the scope of the notification regime in the Telecoms Package beyond telecoms and internet service providers to other sectors, forcing them to report losses or theft of data to a regulator and/or customers. This is something which the UK has historically resisted, with the Information Commissioner’s Office stating that “Should legislation be proposed to compel UK organisations to notify people when a data breach occurs, it must be properly considered before it is introduced in the UK.”

Datonomy would agree with this, and will be examining over the coming weeks different aspects of data breach notification law and whether such a law is really a step forward in the fight against poor standards of data handling that we read about again and again in the news. Watch this space …

Leave a Reply

Your email address will not be published. Required fields are marked *