Changes in data breach laws get thumbs up


Changes in data breach laws get thumbs up

Simon Quicke
There are growing expectations that details of proposed changes in data breach laws across the EU will emerge this side of the new year with those in the security industry welcoming a tougher stance.

Currently the Information Commissioners Office (ICO) has the option to hand out fines of up to half a million pounds to those caught out failing to look after data but there have been some criticisms that the maximum penalty is rarely enforced.

But if the expected changes are made by the EU then those guilty of allowing a data breach to occur could be in line for fines that could reach five percent of turnover and will have to reveal a problem within 24 hours.

Although the details are sketchy and even if they are proposed soon it could take a while for the mechanics of the EU to move before any changes happen on the ground.

However just the prospect of a major overhaul of the data breach laws is focusing minds and was one of the major themes of a Check Point roundtable last week and continues to garner reaction from the security industry.

Grant Taylor, Cryptzone vice president of the compliance vendor, said a 24-hour rule would be a "game changer" making data security a boardroom conversation across Europe.

"As has been reported, in the US where data breach notification legislation is a lot more onerous than it is in Europe, the costs of remediating a breach are a lot higher. As a direct result, we have found that the issue is discussed a lot more amongst companies and, as a consequence, the profile of IT security generally seems to be far greater," he said.

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.