Europe mulls data breach notification law

Europe looks set to adopt a data breach notification law that will oblige telecoms companies to inform their clients if their personal data is compromised. According to experts at InfoWatch, a similar law is needed in Russia.

The European Commission has published proposals for a change in the law that would force telecommunications firms to notify regulators and customers of all breaches of data security, including lost laptops and stolen backup tapes that contain records of private data.

A similar law in California has revealed a wealth of high-profile data breaches by companies such as Time Warner and Bank of America. It is quite possible that just as many leaks occur in Europe, but that businesses cover them up.

European rights groups view the proposals positively, saying that anything that empowers the individual and gives them more information is a good thing. However, the proposed changes fail to prevent criminals from making use of any leaked data, even if those affected know about the breach. Telecoms and other businesses have to be held accountable for data breaches, paying a fine if a leak occurs. In other words, the proposed changes do not address all the problems, but could serve as a step in the right direction towards a comprehensive system for protecting people’s private data.

“Russia could do with a similar law. The law On personal data requires organizations to protect people’s private data, but does not stipulate the notification of regulatory bodies in the event of a leak. Therefore, a company can only be punished for leaking data if it can be proved in court,” says Denis Zenkin, marketing director at InfoWatch.

Source: IT Observer
