All businesses in the UK that store data on customers will soon have to disclose any breaches, as the European Commission looks to widen the scope of recent changes to data protection laws.
Speaking at the British Bankers' Association (BBA) Data Protection and Privacy Conference in London on Monday, European Union justice commissioner Viviane Reding said the move would ensure all businesses took data protection seriously.
"I intend to introduce a mandatory requirement to notify data security breaches – the same as I did for telecoms and internet access when I was telecoms commissioner, but this time for all sectors, including banking and financial services," she said.
"It would create a stronger incentive for business to conduct serious risk assessments to protect personal data and to implement the appropriate security measures protecting the confidentiality, the integrity and the availability of personal data."
Reding explained that the Commission's proposals to change data protection legislation would be revealed in the coming months and that she would meet with UK ministers to discuss the plans.
"We have consulted widely on this major reform and we've taken into account many suggestions and concerns of experts and stakeholders [and] during my visit to London I have the opportunity to discuss our proposals with justice secretary Kenneth Clarke," she added.
Telecoms firms and internet service providers are already subject to mandatory data breach disclosure after changes to the ePrivacy Directive, which came into force on 26 May.
Mobile operator Everything Everywhere recently slammed the law, claiming it will swamp the Information Commissioner's Office (ICO) with unnecessary reports of data breaches.
Attack revealed bugs and potential security flaws that were later exploited in real-world cyber attacks
5G products could start appearing from 2019 - but networks may take some time catching up
Spending will rise as companies continue to adopt technologies like 3D printing, AI and VR
Software-defined networking can centralise management of your global network, improving security and helping to optimise applications