Mark Scott reports that new EU data protection directives were (finally) approved yesterday, and will go into effect in 2017. Some of the directives will have significant impact for American businesses, regardless of whether they maintain headquarters or offices in the EU. Scott summarizes some of the new directives, and there are a few that deal with data security and breaches, e.g.:
■ Allowing national watchdogs to issue fines, potentially totaling the equivalent of hundreds of millions of dollars, if companies misuse people’s online data, including obtaining information without people’s consent.
■ Requiring companies to inform national regulators within three days of any reported data breach.
So they’ll have a stronger breach notification law than we have if our Congress continues to fail to pass strong federal legislation to protect people.
Read more on NY Times, and expect more coverage of this on this site.