EU study frowns over data breach notification rules

A new EU study has identified risk prioritisation, enforcement and resources as key issues in applying data breach notification rules. ENISA, the EU’s cyber-security agency, launched its investigation on data breach notification rules against a backdrop of steadily rising incidents of personal information disclosure breaches. …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    They have created their own problems

    As far as I am aware, the EU data breach legislation requires you to notify even if the lost media or computer was encrypted. This is unlike other legislation which only requires notification if it was not encrypted.

    Could be a bit of empire building here and the usual government bloating of staff and tax grabbing. The legislation has some review time to go, let's hope that some sense is introduced.

    1. Anonymous Coward
      Headmaster

      RE: They have created their own problems

      "As far as I am aware, the EU data breach legislation requires you to notify even if the lost media or computer was encrypted. This is unlike other legislation which only requires notification if it was not encrypted."

      Given the 1st electronic computer was designed to break encryption systems, and the recent demos of cloud computing brute force attacks,

      Unencrypted = Readable now

      Encrypted = Readable later (later being as short as a few minutes)

  2. Anonymous Coward
    Linux

    Afraid of the PR effect of a breach?

    So the firms are worried telling customers they fucked up will hurt the bottom line?

    Good!!!!! It should. The solution isn't not to tell customers, it's to not fuck up.

  3. Destroy All Monsters Silver badge
    Big Brother

    Can we solve the shifting of all bank details and airline PNRs to US surveillance first please?

    Till that's sorted, I won't notify about anything.

  4. despairing citizen
    Happy

    Focusing the CEO & CFO's mind

    The possibility of being on the front page of every newspaper as you just lost 2m bank account details does focus the mind of the CEO & CFO of companies on that horrible techy IT stuff.

    The horrible techy IT stuff being where the CIO is explaining he needs more staff and budget to protect the company's assets and reputation.

    Forcing public disclosure will "up the game" of every company's security standards and practices.
