EU Considers Strict Data Breach Notification Rules
JohnBert writes "The European Commission is examining whether additional rules are needed on personal data breach notification in the European Union. Telecoms operators and Internet service providers hold a huge amount of data about their customers, including names, addresses and bank account details. The current ePrivacy Directive requires them to keep this data secure and notify individuals if such sensitive information is lost or stolen. Data breaches must also be reported to the relevant national authority. 'The duty to notify data breaches is an important part of the new E.U. telecoms rules,' said Commissioner Neelie Kroes. 'But we need consistency across the E.U. so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses.'"
breach (Score:5, Insightful)
OK, could this please include:
(1) Notification of all data retention and breaches by government as a result of government legislation, since the EU demands all sorts of data retention for "law enforcement";
(2) Equivalent rules for everyone doing business in the EU even if they store data outside the EU;
(3) The requirement for governments to terminate contracts with any businesses involved in breaches more than n number of times (actually, I'd prefer no public-private partnerships on IT work whatever, but simply requiring competent contractors would go a great way toward this).