MEPs are set to approve the data breach notification component of the forthcoming European ePrivacy Directive. The new provision will make it mandatory for website providers to disclose to customers if their personal data has been breached. But the rule will apply only to public websites, so incidents such as the HMRC data loss won’t be subject to the law.
This is, very sadly, a classic example of woolly, misinformed, knee-jerk legislation. I’ve already made my opinions on data breach notification clear, but I’m shocked that the EC can come up with something quite as muddle-headed as this.