08 May 2009, Phil Muncaster, V3
The EU appears to be forging ahead with plans for a US-style data breach notification law which would require all organisations to disclose when they lose sensitive data.
The commissioner for Information Society and Media, Viviane Reding, told the European parliament earlier this week that the commission "will start work without delay to consult widely and make proposals" regarding the extension of notification laws to all firms.
A contentious telecoms bill is currently working its way through parliament, which includes a clause to force ISPs and service providers to disclose any breaches.
In an exclusive interview with vnunet.com last October, European data protection supervisor Peter Hustinx said that any proposals to make data breach notification mandatory for all organisations would be "fair and in line with reality".
But the UK's data protection watchdog, the Information Commissioner's Office, has argued against such laws, saying it should be allowed to decide on a case-by-case basis whether an individual organisation should be forced to disclose a data breach.
Opponents of such laws usually argue that frequent notifications will desensitise the public to data breaches, so that disclosures lose their impact. There are also question marks over whether a lower limit should be set on the number of records lost, above which disclosure would become mandatory.
But supporters of US-style laws say that they will help to give everyone a clearer idea of the scale of the data breach problem - information which will be especially helpful to law enforcers.