
Mandatory Data Breach Disclosure Ruling Delayed Until 2012

LogRhythm : 14 November, 2011  (Technical Article)
UK Consumers meet ruling delay with frustration as data breaches continue unabated
This week, the European Commission (EC) announced that the release of a new version of its Data Protection Directive has been delayed until the end of January 2012. Originally scheduled for mid-November, the legislation will install a 'mandatory data breach disclosure' ruling across both public and private sector organisations, requiring them to report any breaches to relevant regulatory bodies, such as the UK’s Information Commissioner's Office (ICO), as well as inform affected individuals. The EC ruling is likely to cover all companies that store data on European citizens, regardless of whether they are based in the EU.  

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:

“Laws enforcing mandatory data breach disclosure are now long overdue. Our research* shows that the majority of the UK public are dissatisfied with the minimal consequences organisations face when they jeopardise sensitive data, with 83 percent supporting compulsory data loss disclosure. This delay means they’ll have to wait even longer before the required standard of governance is in place.

“Once mandatory data breach disclosure laws are enforced, organisations will find they need to develop a much deeper insight into the activity taking place across their networks. This is because they will be required to generate accurate notifications which will specifically identify who and what has been compromised. This has been a particular problem in the US, where breach notification laws are already in place, and many companies are forced into issuing blanket breach notifications, which may even overstate the severity of the incident, due to a lack of visibility into their IT systems.

“Solving this problem depends on organisations making better use of the log data generated by IT equipment. Both investigating breaches after they occur and detecting them beforehand depend on systems that can automatically collect and analyse 100 percent of log data in real-time. Only this approach can provide the forensic insight required to truly understand how threats penetrate systems and compromise data.

“However, organisations should not wait for new legislation to obligate them into gaining a better understanding of the IT estate. With data breach incidents reaching an all-time high this year, it is clear that traditional perimeter security solutions are now an inadequate defence. Organisations now require the traceability provided by continuous log data analysis to identify anomalies, formulate damage limitation strategies and generate accurate breach notifications.”
   © 2012 ProSecurityZone.com