In the wake of a number of security incidents in the United Kingdom and elsewhere, the debate has reopened as to whether there should be a U.S.-style security breach notification law to require those suffering a data
breach to notify individuals as well as national data protection authorities. The European Commission proposed
obligations for telecommunication operators and internet service providers to notify affected persons of breaches. In consultations on the draft, it was proposed to expand the regime to other organizations handling personal data. This article outlines the movement towards security breach notification in Europe and the lessons to be learned from experiences in the United States and Japan where security breach laws are in place already for some time.
Please see full publication below for more information.