Security advisory group ISACA International has applauded Ireland's Data Protection Commissioner for publishing a draft code of practice that requires organisations to report the theft or loss of personal data relating to more than 100 people.
"The draft code also proposes mandatory notifications of all types where sensitive personal or personal financial data is involved," said Rolf von Roessing, ISACA vice-president.
The proposed code of conduct formalises the situation regarding data losses or thefts in the Republic of Ireland and, as such, will act as a reference model for other European countries, he said.
"This means that most larger businesses in Ireland will have to report data thefts of most types as they occur, should the code of conduct be ratified as an Act," said von Roessing.
Identity theft, he says, has now become a serious cybercrime problem, with criminal gangs selling personal data between themselves like never before.
"When the UK's ICO announced in January of this year that he was increasing the penalties for data beaches and losses to £500,000 pounds, we welcomed those changes, noting that it is a major worry for responsible citizens to find that their private data has been released into the public domain," he said.
ISACA also welcomes the proposals by the Irish Data Commissioner's Office, as they formalise what has been best practice in many organisations to date, said von Roessing.