US Tech Companies May Soon be Required to Report Security Breaches to the EU


U.S. based tech companies that store data on the Internet may soon be required to report the loss or theft of personal information to the E.U. or face sanctions and fines according to legislation being proposed by the European Commission. As reported in the New York Times last Wednesday, the proposal, which is being drafted by the Vice-President of the European Commission responsible for the Digital Agenda seeks “to impose, for the first time, E.U. wide reporting requirements on companies that run large databases, those used for Internet searches, social networks, e-commerce or cloud services.” The proposal is expected to be reviewed by the European Commission on January 30.

The plan is controversial because, among other things, it would extend the obligation to report data breaches beyond traditional compilers of customer databases for critical infrastructure like telephone, transport and utility companies to the “enablers of Internet services, e-commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services, applications stores” and, for the first time, require U.S. companies to report breaches to a national authority, a reporting obligation that is non existent on a national level in the United States. In the U.S., notification of data breaches are enforced by the state, not federal government, with most states requiring companies only to report security breaches involving more than 500 customers.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cohen & Gresser LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.