The impact of mandatory breach notifications on UK plc

What do the latest EU plans mean for the UK and will it make the European enterprise a safer place?

So, the much debated European Union plans for mandatory data breach notification have taken another step forward this month with a proposed new directive that would impact cloud providers, social networks and e-commerce platforms to notify authorities regarding any security breach and force all EU member states to establish a Computer Emergency Readiness Team (CERT) in order to share security threat data in a highly co-ordinated manner.

Ross Brewer, vice president and managing director for international markets at LogRhythm, is adamant that the new law will be "exactly what the public needs in order to restore consumer confidence in cyber security." He insists that there is "an urgent need for organisations to reassure consumers they are capable of safeguarding networks."

Brewer is convinced that the public is in favour of mandatory disclosure, citing recent LogRhythm research which revealed 80 per cent no longer trust organisations with their data and social networks, along with 'gaming sites', as being the least trustworthy in this regard.

"It's great to see that the EU proposal is in line with public demand by including major internet companies such as social media firms in its list of key organisations required to report any IT security breaches," Brewer says. But he's not completely happy as he sees some glaring omissions amongst many organisations that are entrusted with high-worth data not being included in the scope of the proposed directive.

I'm inclined to agree. Assuming you go along with the notion that mandatory breach notification as part of a truly transparent IT security strategy makes for a safer environment to work and play, for such a directive to have any real impact as far as consumer trust and organisational security is concerned it has to be all or nothing, everyone or nobody.

What's the point of cherry picking certain enterprises and leaving others out? I recall having this very same debate with a whole bunch of CISOs from some of the UK's biggest organisations within both the private and public sector when I agreed to give a lecture at a security professionals luncheon having won the IT Security Journalist of the Year award for the first time way back in 2006.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021