Ride the Lightning

Tough New Data Breach Reporting Requirement by the European Union

August 28, 2013

SC Magazine reported yesterday on a tough new data breach requirement that has been imposed on European Union members. As of Sunday, telecommunication and Internet service providers in the EU have 24 hours from the moment of discovery to report a data breach to authorities.

Imagine how the lobbyists would flock to Washington to protest any such federal action here. We can't even get a federal law, so data breaches are governed by a mélange of state laws that have no uniformity and often don't give a deadline for reporting breaches.

Heck, most experts believe (and we agree) that most breaches go unreported. Why risk the bad PR if you are not compelled to? And even where state law compels, the law is often honored in the breach [bad pun].