Data protection day is on January 28. Vice-President Viviane Reding, the EU’s Justice Commissioner said ahead of the day: “Data protection in the European Union is a fundamental right. Europe already has the highest level of data protection in the world. With the EU data protection reform which was proposed exactly two years ago – in January 2012 – Europe has the chance to make these rules a global gold standard. These rules will benefit citizens who want to be able to trust online services, and the small and medium sized businesses looking at a single market of more than 500 million consumers as an untapped opportunity. The European Parliament has led the way by voting overwhelmingly in favour of these rules. I wish to see full speed on data protection in 2014.”
The EU claims there is a clear need to close the growing rift between individuals and the companies that process their data: it quotes figures that nine out of ten Europeans (92pc) say they are concerned about mobile apps collecting their data without their consent. The existing EU data protection framework dates from 1995. As for the Edward Snowden leaks about US spying, the EU said that trust across the transatlantic relationship has been damaged by the revelations. The European Commission responded to the US surveillance by making clear that the mass surveillance of citizens is unacceptable.
For more about Vice-President Viviane Reding, EU Justice Commissioner:
http://ec.europa.eu/reding
Christian Toon, head of information risk at Iron Mountain commented on the call by Viviane Reding, the EU’s justice commissioner, for greater fines to be issued following data breaches. She would like to see companies pay fines of up to 5 per cent of their global annual turnover in the event of a data breach.
Toon said: “Despite the fact that this is a huge and potentially devastating sum of money, it remains unlikely that the threat will encourage firms to tighten their security policies and overhaul their data protection guidelines. This is not the first time this 5 per cent penalty has been proposed; the past three years have witnessed much discussion in Brussels around the possibility of increasing fines and clamping down harder on firms that suffer a data breach. However, no concrete proposal has yet been put into effect. As a consequence, many firms are not taking sufficient steps to secure themselves against a data breach and few have shown any real commitment to building a company-wide culture of information responsibility that is led from the top.
“Such complacency is highlighted in recent research into the attitudes of companies towards their information security. The Iron Mountain research revealed that senior managers in close to half the firms surveyed (47 per cent) felt information risk attracted little attention at board level. Moreover, many admitted they consider data breaches as inevitable and were therefore insuring themselves against the potential financial impact, rather than taking measures to prevent a breach from occurring in the first place. Companies need to understand that there is more at stake when their information is compromised than the immediate financial consequences of meeting a fine imposed by the regulators. They also risk losing customer loyalty and suffering reputational damage that could subsequently have a negative impact on their share price.”
