Under new EU regulations, any ISP or telecommunications provider serving the European market that suffers a security or data breach that leads to theft, loss, or compromise of data must disclose it within 24 hours. They will be required to provide information about the breach’s exact nature and size, and disclose all details about the event within three days. They will also have to disclose the information that was compromised and any steps they took to resolve the matter. For breaches in which personal information or privacy were compromised, ISPs and providers will have to notify customers and the appropriate national data-protection authority. The European Commission said this will clarify existing regulations, ensuring that all customers are getting equal treatment. The commission also intends to give companies incentives for encrypting personal data and, with the European Network and Information Security Agency, plans to publish a list of these possible protections for data. Any company that encrypts personal data that experiences a data breach would be exempt from notifications. (SlashDot)(European Commission)
