US Tech Companies May Soon be Required to Report Security Breaches to the EU


U.S. based tech companies that store data on the Internet may soon be required to report the loss or theft of personal information to the E.U. or face sanctions and fines according to legislation being proposed by the European Commission. As reported in the New York Times last Wednesday, the proposal, which is being drafted by the Vice-President of the European Commission responsible for the Digital Agenda seeks “to impose, for the first time, E.U. wide reporting requirements on companies that run large databases, those used for Internet searches, social networks, e-commerce or cloud services.” The proposal is expected to be reviewed by the European Commission on January 30.

The plan is controversial because, among other things, it would extend the obligation to report data breaches beyond traditional compilers of customer databases for critical infrastructure like telephone, transport and utility companies to the “enablers of Internet services, e-commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services, applications stores” and, for the first time, require U.S. companies to report breaches to a national authority, a reporting obligation that is non existent on a national level in the United States. In the U.S., notification of data breaches are enforced by the state, not federal government, with most states requiring companies only to report security breaches involving more than 500 customers.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cohen & Gresser LLP | Attorney Advertising

Written by:


Cohen & Gresser LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.