The Dutch ministry of security and justice has put together a bill on the obligation to report data breaches. The Data Protection Act (WbP) is to be adjusted and the text is open to consultation up to 29 February. The WbP will be extended with a generally worded obligation to report loss or theft of data (Article 34a). In case of a breach, the database administrator must make a risk estimate. If the case is serious enough, the administrator must inform privacy watchdog CBP and all parties concerned. The Telecommunications Act will have a reporting obligation (Article 11.3a) specifically aimed at telecommunications service providers. The supervision of both amendments will be handled by the CBP.
Source: <a href="http://www.telecompaper.com/news/dutch-govt-consults-on-data-breach-reporting-obligation">TelecomPaper</a>.
Does anyone have a link to the text (preferably in English)? And will the CBP be able to hand out fines or enforce? From the description above, this sounds like a fairly weak proposal, even though it may be better than what they have (or don’t have) now, and I’d like to see what the actual proposal is.