New stipulations have gone into effect requiring telecommunications and internet providers in the EU to alert the appropriate authorities of a data breach within 24 hours of the moment of discovery.
Sep 03rd, 2013
The data security environment is always evolving. Most obviously, security firms are constantly developing new, improved data protection measures, and cybercriminals are looking for ways to overcome these efforts.
But there are many other ways in which this landscape is changing, with major implications for businesses in every industry. Significantly, personnel at every level are becoming increasingly aware of the risks posed by security breaches, leading to a variety of consequences. Among the most important of these is the establishment of more robust, strict data breach notification requirements by governments around the world. Such laws have heightened the consequences of data breaches for businesses and serve as a powerful reason why firms in every sector should consider investing in high-grade secure file transfer solutions.
The most recent example of new data breach reporting requirements comes from the European Union. SC Magazine reported that new stipulations have gone into effect requiring telecommunications and internet providers in the EU to alert the appropriate authorities of a data breach within 24 hours of the moment of discovery. If the available information is incomplete, they must provide a more thorough follow-up report within 72 hours of the incident. These reports must include the type of information exposed, the number of affected individuals and what measures the organization has taken to minimize the damage.
"Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity," said Neelie Kroes, vice president of the European Commission, in a statement earlier this year when the proposals were first announced. "These new practical measures provide that level playing field."
Speaking to SC Magazine, Todd Hinnen, a partner with Perkins Coie's privacy and security practice, indicated that such a deadline may cause serious problems for affected organizations. Specifically, he said that it is difficult for a firm to gain an accurate, complete understanding of the scope of a breach and its cause in such a short period of time. This may lead to inaccurate reporting.
However, Hinnen also believed that data breach reporting laws are worthwhile and should be implemented more regularly and strictly in the United States. Currently, only a few states have established firm deadlines for these events, with the majority simply requiring that organizations alert the authorities and affected victims in a reasonable amount of time.
Yet this will likely change in the near future, Hinnen asserted. In regard to establishing a federal data breach notification law in the United States, he told the news source, "I think it will happen. There is a great deal of focus on it and a great deal of desire to get it done."
Assuming that such a law is implemented, data breaches will quickly become even more serious concerns for U.S. companies. Obviously, these incidents are already hugely important for such organizations. But if companies must now report breaches quickly, there will be even more pressure on all personnel following these incidents. This can lead to disruptions, downtime, lost productivity and a host of problems, all of which become even more severe as the reporting deadline shrinks.
That is why it is so critical for firms to invest in data protection solutions that can prevent data breaches from occurring in the first place. To this end, businesses should implement secure file transfer tools that enable the easy distribution and sharing of corporate information without putting that data at risk of exposure, loss or theft.