Europeans Will Now Know When And What Data Gets Compromised In A Breach — Unless It Was Encrypted
In the wake of the latest notice from a major internet company revealing that user data has been compromised — Facebook’s admission of a security bug compromising data from 6 million users — the European Commission today is publishing new, Europe-wide rules that will require ISPs, carriers, broadband providers and others to report more specific detail about what has been compromised, to both national regulators and subscribers, within 24 hours of the breach.
But it’s also throwing them a couple of bones. First, to get companies to invest a bit more in security, providers that have implemented approved encryption techniques as the appropriate protection measure do not have to notify the subscriber (although they still have to notify the national authority). Second, the EC is not requiring ISPs and others to report all breach details to subscribers; it merely gives them more specific criteria to…