New EU security breach proposal will pre-empt UK business security measures
The EU has a new proposal for US-style data breach laws. Decru comments on what it will mean for businesses in Europe and warns that they need to take security measures to protect the data that crosses the corporate perimeter sooner rather than later.
Henk Spanjaard, MD, EMEA, Decru, commented: “It is difficult to listen to the news these days without hearing about another high-profile data security breach, whether it is the loss of a laptop or a back-up tape. In the last two weeks, Nationwide Building Society and the Metropolitan Police have hit the headlines for major security breaches. But for all the organisations that are honest enough to admit such breaches there are hundreds that aren’t. The EU is now proposing US-style data breach laws, which would demand European companies notify regulators and customers of any security breach of data held by the company.
The advance announcement of the law is a positive step and should pre-empt UK businesses into ensuring that stored data is secure compared to what happened in America about 18 months ago when businesses were caught off guard as the laws were announced. We have seen many cases where security breaches can impact consumer confidence to such a degree that it leads to long-term brand damage, but many businesses still see securing data as a risk management decision, very similar to buying insurance – just in case data gets lost or stolen.
We encourage businesses to always secure their data because the cost of clearing up a breach after it happens is more than ten times the cost of investing in data security. Why take this financial risk? Currently the EU plans (unlike the US version) do not put the onus on the business to rectify security breaches, merely notify the relevant parties that the breach has occurred. But this could change and businesses are better off protecting their data sooner rather than later to safeguard brand equity, reputation and most of all their customers.”