The impact of mandatory breach notifications on UK plc

What do the latest EU plans mean for the UK and will it make the European enterprise a safer place?

So, the much debated European Union plans for mandatory data breach notification have taken another step forward this month with a proposed new directive that would impact cloud providers, social networks and e-commerce platforms to notify authorities regarding any security breach and force all EU member states to establish a Computer Emergency Readiness Team (CERT) in order to share security threat data in a highly co-ordinated manner.

Ross Brewer, vice president and managing director for international markets at LogRhythm, is adamant that the new law will be "exactly what the public needs in order to restore consumer confidence in cyber security." He insists that there is "an urgent need for organisations to reassure consumers they are capable of safeguarding networks."

Brewer is convinced that the public is in favour of mandatory disclosure, citing recent LogRhythm research which revealed 80 per cent no longer trust organisations with their data and social networks, along with 'gaming sites', as being the least trustworthy in this regard.

"It's great to see that the EU proposal is in line with public demand by including major internet companies such as social media firms in its list of key organisations required to report any IT security breaches," Brewer says. But he's not completely happy as he sees some glaring omissions amongst many organisations that are entrusted with high-worth data not being included in the scope of the proposed directive.

I'm inclined to agree. Assuming you go along with the notion that mandatory breach notification as part of a truly transparent IT security strategy makes for a safer environment to work and play, for such a directive to have any real impact as far as consumer trust and organisational security is concerned it has to be all or nothing, everyone or nobody.

What's the point of cherry picking certain enterprises and leaving others out? I recall having this very same debate with a whole bunch of CISOs from some of the UK's biggest organisations within both the private and public sector when I agreed to give a lecture at a security professionals luncheon having won the IT Security Journalist of the Year award for the first time way back in 2006.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

GDPR 2.0: What do Europe’s new AI rules mean for businesses?
IT regulation

GDPR 2.0: What do Europe’s new AI rules mean for businesses?

28 Jun 2021
The IT Pro Podcast: Navigating Brexit data transfers
data protection

The IT Pro Podcast: Navigating Brexit data transfers

5 Feb 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021