MEPs are set to approve the data breach notification component of the forthcoming European ePrivacy Directive. The new provision will make it mandatory for website providers to disclose to customers if their personal data has been breached. But the rule will apply only to public websites, so incidents such as the HMRC data loss won't be subject to the law.
This is, very sadly, a classic example of woolly, misinformed, knee-jerk legislation. I've already made my opinions on data breach notification clear, but I'm shocked that the EC can come up with something quite as muddle-headed as this.
Comments (1)
I can see a rapid growth in the market for cyber insurance products that cover the cost of notification. AIG may, or may not, be around to benefit.
Posted by Clerkendweller | September 18, 2008 1:35 PM
Posted on September 18, 2008 13:35