Ireland consults on compulsory breach notification
The “creep” of compulsory breach notification continues with the Irish Data Protection authority publishing a draft code of practice which would mean notification to the commissioner of any loss of over 100 personal records – providing that the data lost was not encrypted or password protected. But the draft code stops short of requiring companies to tell customers if their data is lost saying only that they must “give immediate consideration to informing those affected”.
Breach notification to individuals is now ubiquitous in the USA and there is a significant chance that the new European Directive will include such a measure. Sadly, evidence from the States suggests that individuals soon become “breach blind” and fail to react when they are sent multiple notices of data loss.
Other recent items: