Freely subscribe to our NEWSLETTER

It is expected that the introduction of new mandatory reporting laws will require businesses to put further data security controls in place to help ensure they are aware of where critical, company sensitive data is stored. Commenting on these developments, Gerard Curtin, CEO of PixAlert stated, ‘Mandatory reporting will help bring about more clarity to the amount of data being lost and improve efforts to prevent breaches. With its eventuality clearly on the horizon, businesses need to address data protection seriously and proactively prepare to ensure that sufficient security structures and controls exist. If a company is seen as being unable to protect client data or in breach of regulation, penalties are likely to be imposed’ stated Mr. Curtin.

The EU implemented new amendments to Directive 2002/58/EC on the protection of privacy in the Privacy and Electronic Communications Directive which introduced breach notification rules and penalties for Internet Service and Telecoms providers requiring that operators secure personal data properly and inform their customers and data protection authorities promptly when client data is lost or breached. This directive was enacted as law in Ireland and UK earlier this summer.

The EU’s Justice Commissioner Viviane Reding stated in June this year that new data protection changes would ensure that all businesses take data protection seriously with an intention to introduce a mandatory requirement to notify data security breaches across all sectors including banking and financial services ‘Data breaches have eroded consumers trust and banks and businesses will need to take data protection much more seriously if they want to avoid future reputation damage’ Reding stated. The Commission is expected to present its proposal to the European Parliament and the Council of the EU in 2011 which will agree on the final text in the co-legislation procedure (Article 16, Treaty on the Functioning of the European Union [2008] OJ C 115/47).

These latest move serves to incentivise businesses to conduct serous risk assessments to protect personal data and to implement appropriate security measures protecting the confidentiality, integrity and availability of personal data.

In preparing for mandatory reporting, part of the security process is to establish and have a comprehensive understanding of where critical and company sensitive information resides on the corporate network. According to Gerard Curtin of PixAlert ‘data discovery is an essential factor in risk mitigation and a control in assessing governance and compliance capabilities – before you can protect your data, you must be able to find it!’. Data auditing helps ensure that critical data assets are safeguarded and that the security process is working effectively, enabling organisations to identify and proactively react to vulnerabilities.