Europe Takes Aim at Protecting Personnel Data
In addition to addressing many other pressing issues facing the continent, Europe has been very busy combating cybercrime and ensuring the privacy of its citizens’ data. The European Commission (“EC”) has agreed on a draft law requiring increased collaboration and cooperation between nations in response to cyber threats. Additionally, a pan-European data breach exercise was carried out by member nations.
The EC’s first draft of the law covers three areas: 1) Improve Member State cybersecurity capabilities; 2) Improve Member State cooperation on cyber threats; 3) Require management of organizations in “essential” sectors to implement appropriate security measures and report security incidents. Essential sectors include transportation, financial, healthcare and energy as well as providers of increasingly critical services such as cloud computing and search engines. Historically, firms have been extremely wary of this kind of reporting, fearing that it may not only damage their brand and erode client trust but also provide competitors with information about business practices and operations. This clearly places cyber security as the concern of the CEO and Board Members (if it wasn’t there already).
The groundbreaking European data breach exercise was undertaken to encourage collaboration between Member States in case of cross-border personal data breaches. The exercise consisted of a realistic scenario where the personal data of large numbers of citizens was breached. The exercise was coordinated from the European Crisis Management Laboratory in Italy. With cross-border data breaches becoming more and more common, this exercise is an example of ways to promote cooperation and collaborative, coordinated responses. As the results of the exercise are analyzed, valuable insights will be obtained on the challenges that these types of incidents present to the European community and its citizens, as well as on any limitations of the current means used to facilitate cooperation. The results will also serve as a basis for developing new solutions to promote communication and the exchange of critical information.
Where will it go?
It will be interesting to see how both of these impact the workings of government and private entities that operate in the EC. Moreover, these will surely provide input for consideration to the soon-to-be-implemented General Data Protection Regulation.