You’ve Got 24 Hours. Starting Now! Companies Doing Business in 28 EU Countries Have Little Time and Lots to Lose Not Warning of Breaches.
The new rules in the EU are already in effect. Enterprises with operations in any of the 28 European Union member states have 24 hours to alert anyone who could be affected by lost, stolen or misused information.
If you think the new 24-hour rule is strict, be advised that more rules are in the offing in the proposed EU General Data Protection Regulation (GDPR), which extends the scope of EU data protection law to all foreign companies processing EU residents’ data.
According to itproportal.com, the push for GDPR is a result of a public outcry over the mass-scale NSA leak and the UK’s GCHQ involvement. (GCHQ, or the Government Communications Headquarters, is a British intelligence agency responsible for providing intelligence and information assurance to the British government and armed forces.)
So how do organizations doing business with EU countries avoid hassles over the new regs? The obvious answer is to comply with the rules and secure data. Itproportal.com suggests that the best solutions “wrap each file in a layer of security to ward off loss or theft regardless of where information travels. Not only does this approach protect sensitive data, intellectual property and customers’ personal information, but it also saves companies from the revenue losses that accompany highly (publicized) security breaches.”
The Ponemon Institute, which is dedicated to advancing responsible information and privacy management practices in business and government, recently conducted a study, The Risk of Regulated Data on Mobile Devices. The study found that more than half the respondents had already experienced an average of five data breach incidents involving the loss or theft of a mobile device containing regulated data.
Nineteen percent said their organizations knew how much regulated data was on their mobile devices, while only 16 percent had a clue how much regulated data resided in cloud-based file-sharing applications.
Security expert Rafalin comments, “If you take this lack of knowledge and combine it with a lack of file security, a plethora of employee-owned and operated devices, and the widespread use of commercial-grade file-sharing services, it is little wonder that the response to data leaks is intensifying. The best way to manage new and proposed regulations in Europe – and to avoid the associated costs in fines and reputation loss – is to implement adequate security protocols.”