Security suppliers are lobbying the European Commission to introduce US-style laws that would force companies to publicly report IT security breaches if they lead to the loss of sensitive personal information.
The Cyber Security Industry Alliance, which represents 20 security suppliers, including Symantec, IBM and RSA, said it was holding discussions with the EC on the idea.
"Reporting breaches is raising the bar on security. It is in the consumer's interest. If my data is on the streets, I want to know so I can obtain a new credit card and password," said Marika Konings, director of European Affairs at the Cyber Security Industry Alliance.
Konings said the EC had given indications that it would put forward proposals to tackle ID theft and fraud that could include minimum security standards and requirements to report security breaches.
"Banks and retailers might not be happy about it, but it will make them think what they can do to prevent breaches happening," she said.