Most of the data breach incidents analysed by the Information Commissioner's Office (ICO) in a three-month period earlier this year concerned errors in the way personal information was disclosed, the watchdog has said. The ICO said that it had looked at 335 data breach incidents between 1 April and 30 June 2013 and found that in …
"some business groups concerned about their ability to meaningfully report breaches within 24 hours"
Meaning some business groups are concerned about their ability to sober up their PR people in time to find someone else to blame.
"Proposed amendments tabled by EU Ministers would, if introduced, restrict the cases in which personal data breaches would have to be reported."
Do they think it's not important? Do they think their corporate masters can save money by hoping nobody finds out?
@ dogged -
> . . .
Do they think it's not important?
. . .<
> . . .
Do they think their corporate masters can save money by hoping nobody finds out?
. . .<
That's what they're doing now.
So, a 'no change' proposal.
No, it's so that when some drunken EU commissioner leaves his briefcase on the train after one bottle too much at lunchtime he'll not have to own up.
When the numbers look bad, do one of the following
1) don't report them,
2) change them to look good
3) or change the way they are counted
Re: Usual crap
You missed one
4) Change the start of the reporting period
California SB1386 law
SB1386 seems to have worked in the states, with companies upping their security, to get out of writing to all their customers to say they screwed up.
It has been proposed in several corners that we should have the same, a point reinforced by the fact that the ICO does not actively investigate, even the stuff that has been directly reported to them by members of the public.
Joe Public>ICO. "organisation X is mishandling my personal data, as defined by these rules in DPA98"
"and I have attached the evidence that they're doing it"
ICO>Org X. "are you complying with the data protection act?"
Org X>ICO "certainly"
ICO>Joe Public "Org X have not breached the DPA, case closed"
Problem Is Between Keyboard And Chair.
Nothing changes till criminal charges can be brought.
Which requires the relevant Minister to change his "Statutory Instrument."
Otherwise it'll be BAU