Frustration to UK consumers
The European Commission (EC) has announced that the release of a new version of its Data Protection Directive has been delayed until the end of January 2012.
Originally scheduled for mid-November, the legislation will install a 'mandatory data breach disclosure' ruling across both public and private sector organisations, requiring them to report any breaches to relevant regulatory bodies, such as the UK’s Information Commissioner's Office (ICO), as well as inform affected individuals.
The EC ruling is likely to cover all companies that store data on European citizens, regardless of whether they are based in the EU. While the law is considered a good thing, Ross Brewer, vice president and managing director for international markets, LogRhythm said that its delay is not. He said that laws enforcing mandatory data breach disclosure are now long overdue and his outfit's research shows that the majority of the UK public are dissatisfied with the minimal consequences organisations face when they jeopardise sensitive data, with 83 percent supporting compulsory data loss disclosure.
This delay means they’ll have to wait even longer before the required standard of governance is in place.