The European Commission is asking for feedback on practical rules to ensure that anyone in Europe whose private data is breached will be told.
According to Rob Rachwald, Director of Security Strategy at Imperva, "Governments today are approaching cyber security laws and regulations in an overly heavy-handed fashion. Hackers are, by definition, early adopters, and government and private industry require an organic approach which enables constant adjustment."
Rachwald continues, "Another key element to consider is providing a prescriptive approach to complement any punitive measures. Today, most regulations, especially recent legislative proposals, emphasize only a punitive approach, a method that enables companies to game the system. They can simply risk a breach without having put in place the basic elements of cyberdefense. The industry's prescriptive method makes this much tougher."
Rachwald concludes, "At Imperva, we have been discussing the required collaboration between the government and the private sector in terms of cyber-crime. But how about regulations? Before all breach disclosure laws kick in, the EU is asking the private sector for its opinion on them: what works, what doesn't, how to apply them, etc. It even reminds me of PCI, where the council also consists of customers and the regulation is changed every few years based on practicalities and feedback."