UK firms say they will not be able to cope with EU data law

24-hour data breach reporting time unrealistic?

Only one in ten UK firms say they are ready for the European Commission's proposed data protection directive.

A survey of 200 firms employing more than 1,000 staff by OnePoll found 87 percent admitting they would not be able to identify individuals affected by a data breach within the EC's proposed 24-hour time frame.

In addition, 13 percent said it would take them between a week and one month to pinpoint which customer data was affected, while six percent did not believe they would ever be able to accurately obtain this information.

The LogRhythm research found that 72 percent believed the new EC breach disclosure rules would put them at risk of "over-disclosure". This is when organisations are forced to reveal more information than is strictly necessary, for example notifying every individual who might have been affected by a breach, rather than just those who definitely were.

"'Over-disclosure' is an issue that has been causing concern in locations like the US, which already has breach notification laws in place," said Ross Brewer, vice president and managing director for international markets at security log management software firm LogRhythm, which sponsored the research.

Brewer said the issuing of blanket breach notifications has negative repercussions for the affected organisation as, for instance, the severity of an incident may be overstated, leading to a loss of confidence amongst potential and existing customers.

In addition, the cost of informing an individual their data may have been stolen is just as high as telling them it definitely has, said Ross.

Supporters of the directive will say in response that firms should be more careful about customers' data in the first place, and therefore avoid the bad publicity and expense resulting from breaches.

The survey showed that 77 percent of respondents believed the implementation of data breach penalties, such as the EC's proposed two percent of an organisation's global turnover, would motivate them to increase spending on IT security.

Brewer said: "It is worrying that so many organisations' IT security decisions seem to be motivated by non-compliance and the threat of financial penalties, rather than a desire to employ a best practice approach."

He said it appears that these attitudes stem from the top, as 50 percent of respondents stated that new regulations are one of the main ways of engaging senior level staff with the IT security decision-making process.

