The impact of mandatory breach notifications on UK plc

What do the latest EU plans mean for the UK and will it make the European enterprise a safer place?

So, the much debated European Union plans for mandatory data breach notification have taken another step forward this month with a proposed new directive that would impact cloud providers, social networks and e-commerce platforms to notify authorities regarding any security breach and force all EU member states to establish a Computer Emergency Readiness Team (CERT) in order to share security threat data in a highly co-ordinated manner.

Ross Brewer, vice president and managing director for international markets at LogRhythm, is adamant that the new law will be "exactly what the public needs in order to restore consumer confidence in cyber security." He insists that there is "an urgent need for organisations to reassure consumers they are capable of safeguarding networks."

Brewer is convinced that the public is in favour of mandatory disclosure, citing recent LogRhythm research which revealed 80 per cent no longer trust organisations with their data and social networks, along with 'gaming sites', as being the least trustworthy in this regard.

"It's great to see that the EU proposal is in line with public demand by including major internet companies such as social media firms in its list of key organisations required to report any IT security breaches," Brewer says. But he's not completely happy as he sees some glaring omissions amongst many organisations that are entrusted with high-worth data not being included in the scope of the proposed directive.

Advertisement
Advertisement - Article continues below

I'm inclined to agree. Assuming you go along with the notion that mandatory breach notification as part of a truly transparent IT security strategy makes for a safer environment to work and play, for such a directive to have any real impact as far as consumer trust and organisational security is concerned it has to be all or nothing, everyone or nobody.

What's the point of cherry picking certain enterprises and leaving others out? I recall having this very same debate with a whole bunch of CISOs from some of the UK's biggest organisations within both the private and public sector when I agreed to give a lecture at a security professionals luncheon having won the IT Security Journalist of the Year award for the first time way back in 2006.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019