Any data breach where personal information is leaked, should be reported to the authorities – by law. That’s what TechWeekEurope readers believe, at any rate, according to a poll.
Currently if your organisation suffers a data breach, it is up to you whether you report it, unless you are part of the NHS. It is commendable and honest if you let the Information Commissioner’s Office know, but you could face a fine for mishandling information of your clients. Indeed, TechWeekEurope has found evidence that some companies may be keeping quiet about a breach, and then undergoing a “voluntary audit” in which the breach might come to light with no consequences.
The EU has proposed a law which would require organisations to report any large data breach within 24 hours. However,that law is not enacted yet – although all public bodies in the UK do have to report leaks of personal data.
We had a substantial number of votes (more than 300 so far), and there was a huge majority (84 percent) in favour of the idea of mandatory data breach reporting.
Only around 13 percent thought the difficulties of such a system would outweigh the benefits. For these people, it seemed that the amount of bureaucracy and paperwork involved in the scheme was too much.
Famously, Coca-Cola experienced a breach and kept quiet for years, feeling that owning up would damage its reputation.
Security professionals would generally rather see problems reported – as this enables the rest of the community to learn from what happened. Without mandatory reporting, some exploits can remain unpatched for a long while, even though some people know about them from bitter experience.
Are you a security expert? Try our quiz!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…