Gerard Curtin, CEO, PixAlert

Data Protection Privacy Breach - Writing On The Wall For Shoddy EU Corporate Security Practices

In what many have deemed ‘The Year Of The Breach’, businesses within the EU will now need to brace themselves for new European Union privacy rules which will be legislated on a pan-European basis across all member states. The draft EU legislation proposes to penalise organisations that are in breach of data protection privacy by imposing fines of up to 5% of their global turnover under sweeping proposals which will be unveiled next month. There is to be a stronger data protection authority, more trans-European co-ordination on data protection issues (a European Data Protection Board), and an obligation on national governments to give their supervisory bodies (Data Commissioners) sufficient resources to operate effectively.

In the first significant update of data protection legislation since 1995, companies found to have mishandled any personal data they hold – be it of their customers, suppliers or their own employees – will face the highest levels of fines, which could extend to billions of euros for large multinationals.  

The measures are currently being finalised within the European Commission and will have to be approved by national governments. The process is likely to take at least two years, with another two before the measures come into effect. The proposals would bolster significantly the EU’s powers on combating data protection breaches, such as when companies sell customer data to third parties without authorisation or fail to adequately protect information held by social networks and “cloud computing” services.

Companies would have 24 hours to notify data protection authorities and the affected parties in cases where private data are compromised, as happened earlier this year when the details of Sony’s PlayStation accounts were hacked. By ensuring the rules also apply to foreign groups’ European subsidiaries, the new rules will force global companies to comply with the new regulation. A draft of the proposal calls for all companies with more than 250 employees to dedicate staff to data protection issues, something currently not required in all European countries. The rules will give the EU similar powers in policing privacy to those it wields in competition matters, where it can levy fines of up to 10 per cent of turnover for antitrust violations.

This latest move by the EU serves to incentivise businesses to conduct serious risk assessments to protect personal data and to implement appropriate security measures to protect the confidentiality, integrity and availability of their customers’ personal data.

In today’s evolving regulatory environment, it is now vital for organisations to put effective data protection measures in place. Given the general reluctance by businesses to adequately protect client personal data up until now, this new legislation is believed to be the necessary catalyst to enforce best practice procedures throughout Europe. Businesses will need to deploy proper security controls, which should help bring about more clarity on the amount of data being lost through improved data breach prevention and reporting.

Without doubt, the new regulation will raise the profile of data security and highlight that shoddy security practices will no longer be tolerated in the new European data protection environment. Organisations need to accurately assess their security controls and face the sea change of data protection reform by proactively ensuring that sufficient structures exist to properly and continuously protect their valuable consumer data.

About PixAlert
PixAlert deploy world-class scalable enterprise content audit solutions which enable organisations to discover where unsecured, unstructured sensitive information and inappropriate images reside on networks and within email correspondence. PixAlert audit solutions help to safeguard reputational integrity and reduce risk through proven market-leading data discovery and illicit image detection software products. www.pixalert.com

Author: Gerard Curtin, CEO, PixAlert

Article Source: Financial Times 04 Dec 2011

Regulation Outline: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

 
