Work continues on the ePrivacy Directive in the coming months. One InfoSec concept which the EU are looking to tighten up control of through the directive is “disclosure”. Whereas in the past, companies or organisations may have been a little shy about publicising their information security breaches, it’s soon going to become a strictly enforced legal requirement to do so. Under the ePrivacy Directive, disclosure requirements will be covered under Data Breach Notification rules. A public consultation is currently underway and is due to conclude in September:
The consultation will cover the mechanisms for categorising, assessing and reporting breaches.
The hacker groups Anonymous and Lulzsec have made a mockery of the security controls of some major organisations in recent months. Data loss and its prevention continues to be a major challenge for information security managers. It’s time for organisations of all sizes to get serious about InfoSec, and this legislation could help push for that.