Farcical data breach notification laws

MEPs are set to approve the data breach notification component of the forthcoming European ePrivacy Directive. The new provision will make it mandatory for website providers to disclose to customers if their personal data has been breached. But the rule will apply only to public websites, so incidents such as the HMRC data loss won’t be subject to the law.

This is, very sadly, a classic example of woolly, misinformed, knee-jerk legislation. I’ve already made my opinions on data breach notification clear, but I’m shocked that the EC can come up with something quite as muddle-headed as this.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I can see a rapid growth in the market for cyber insurance products that cover the cost of notification. AIG may, or may not, be around to benefit.