Proposed EU Data-Privacy Rules Require Breach Disclosure within 24 Hours
Part of a comprehensive suite of data-privacy reforms, the proposed rules would require any firm with EU customers to notify affected individuals and the relevant authorities within 24 hours of detecting a breach.
The draft legislation has received mixed responses. Though designed to enhance consumers’ ability to manage personal data, critics point out that the short deadline may ultimately undermine privacy goals by interfering with law enforcement investigations, distracting from damage control, and creating confusing false alarms.
Some view the proposal as a reaction to the PlayStation Network breach last spring, after which Sony failed to notify customers for over a week. Even if the proposal never comes into effect, it sends a strong message to IT firms: step up your data-privacy game or risk strict regulation.