A new EU study has identified risk prioritisation, enforcement and resources as key issues in applying data breach notification rules. ENISA, the EU’s cyber-security agency, launched its investigation on data breach notification rules against a backdrop of steadily rising incident of personal information disclosure breaches. …
The have created their own problems
As far as I am aware, the EU data breach legislation requires you to notify even if the lost media or computer was encrypted. This is unlike other legislation which only requires notification if it was not encrypted.
Could be a bit of empire building here and the usual government bloating of staff and tax grabbing. The legislation has some review time to go, lets hope that some sense is introduced.
RE: The have created their own problems
"As far as I am aware, the EU data breach legislation requires you to notify even if the lost media or computer was encrypted. This is unlike other legislation which only requires notification if it was not encrypted."
Given the 1st electronic computer was designed to break encryption systems, and the recent demo's of cloud computing brute force attacks,
Unencrypted = Readable now
Encrypted = Readable later (later being as short as a few minutes)
Afraid of the PR effect of a breach?
So the firms are worried telling customer they fucked up will hurt the bottom line?
Good!!!!! It should. The solution isn't not to tell customers, it's to not fuck up.
Can we solve the shifting of all bank details and airline PNRs to US surveillance first please?
Till that's is sorted, I won't notify about anything.
Focusing the CEO & CFO's mind
The possiblity of being on the front page of every news paper as you just lost 2m bank account details, does focus the mind of the CEO & CFO of companies on that horible techy IT stuff.
The horible techy IT stuff being where the CIO is explaining he needs more staff and budget to protect the company's assests and reputation.
Forcing public disclosure will "up the game" of every company's secuirty standards and practices.