Are rules to tighten over data protection and Business Continuity?

 
In a move that may well affect all Business Continuity and IT Security departments, the European Vice President responsible for Justice is calling for the introduction of rules forcing banks, e-commerce businesses, social networking sites and others who hold confidential data to tell customers as soon as there has been a data security breach.
 
Viviane Reding was previously responsible as an EU member for Information, Society and Media before taking the role of Vice-President of the European Commission, responsible for Justice, Fundamental Rights and Citizenship in February 2010.
 
In a speech centred on the need to bolster online privacy she said "trust in an 'information society' has been damaged by the recent events such as the Sony data breach". Her initiative comes at the end of a long line of data breaches that have affected not just many businesses, but also government departments, including health services and tax offices, around Europe. 
 
To address the concerns raised by these events, the Justice Minister is looking at toughening up data protection rules that are already in place for the telecommunications industry to include immediate notification to the regulator when data has been compromised.
 
The Commissioner is also reviewing the possibility of introducing an enforcement arm that would be responsible for ensuring compliance with the regulations.   
 
Reding is championing the need for plans to address the digital world and the increasing reliance on, and embedding of, technology in everyday activities. The Minister outlined 5 pillars that were needed to build proper data protection. These are: the right to have data forgotten; transparency; 'privacy by design'; making firms and authorities responsible for how they handle all data; and independent oversight and monitoring.
 
The responsibility to protect data is already enshrined under the EU Charter of Fundamental Rights, but Reding stressed the need for these Charter principles to be supported as the pace of technology change and use brings new risks.
 
Previous attempts to increase the regulation of Data Protection in business have failed due to the added cost burden and a lack of industry consistency on methods, with the result that compliance has been somewhat watered down.
 
This time around it may well be different, though, with the challenge of ensuring business continuity, security and compliance becoming much more important for all organisations.