All the latest UK technology news, reviews and analysis

EU 24-hour breach disclosure laws to come into force

23 Aug 2013
European commission

European Union regulations designed to force telecom operators and internet service providers (ISPs) to notify national authorities within 24 hours of detecting a data breach are set to take effect on 25 August, despite widespread criticism from numerous UK government bodies.

The laws mean that the companies will have to report any cyber incidents resulting in theft or unauthorised access to customer data to the relevant law enforcement agency within just one day.

ISPs and telecoms firms have already been subject to this law, but the 24-hour notification regime is new, as European Commission (EC) vice president Neelie Kroes looks to strengthen the data protection regime in Europe.

However, the wider reforms for data breach disclosure, which could see the same burdens on ISps and telecoms firms placed on all industries, have been widely criticised by groups in both the private and public sector.

Experts from numerous security firms, including Trend Micro and F-Secure, arguing that while they are well intentioned there is no realistic way to police the laws fairly or safely.

They also warned that by forcing companies to disclose attack data so quickly, businesses will not have time to do adequate cyber forensics work, meaning that to act within the law they will have to take ill-conceived, knee-jerk actions in reaction to attacks - a practice that security firm's like Detica have warned against for some time.

The laws come as a wider debate on future European data protection laws undergo fierce debate. The legislation has attracted the ire of UK Justice Minister Lord McNally, who has criticised the European Commission's data protection draft, warning that the overarching legislation will cause untold damage to the British economy.

Lord McNally said that the unrealistic time frame of the proposal will force many smaller businesses to operate outside the law, risking potentially devastating fines.

The calls for change have met with some success, with recent reports suggesting that the European Parliament is deadlocked on whether to rethink the 24-hour disclosure time frame. The vote to decide whether the law should remain the same is scheduled to take place in October, with amended legislation hoped for before the European elections in May 2014.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Privacy
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Sony Xperia Z2 Tablet powered by Android KitKat 4.4

Sony Xperia Z2 Tablet video

We take a look at the lightweight, waterproof tablet

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

C++/Python Algorithmic Developer - urgent hire

C++/Python Algorithmic Developer - urgent hire Skill...

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

1st Line Helpdesk Support Engineer

Does your current employer… Let you play/experiment...

Service Desk Manager

Service Desk Manager The Clinical School Computing...
To send to more than one email address, simply separate each address with a comma.