New EU data security rules

EU data security rules will be strengthened and made more consistent, under new legislation being drawn up by the EU Justice Commissioner, Viviane Reding. Her proposals cover the full range of internet-based activities, from cloud computing and social media to banking and finance. They even consider establishing a “right to be forgotten” online.

The Justice Commissioner is currently drafting a bill to update existing EU data protection laws. The new bill will set out robust cross-European rules on data security. Among other things, the proposed legislation will:

“introduce a mandatory requirement to notify data security breaches…for all sectors, including banking and financial services.” (from the Financial Times)

It is not clear how far EU data protection laws can be enforced outside the borders of Europe. The Justice Commissioner is currently negotiating with the US to agree on common standards.

Ken Clarke, the UK Justice Secretary, is far from enthusiastic about an approach he described as “one size fits all.”
Viviane Reding argued, however, that a consistent EU approach would ease the burdens on businesses that do business across EU borders, by simplifying the requirements that they would have to meet. She believes that cross-border trade would increase from its current low level, as consistent legal standards would improve confidence.

There is a good summary of the proposals and what they will mean for business on

Taz Wake - Halkyn Security
