Cyber Security Institute

Thursday, June 10, 2010

Ireland considers detailed data loss disclosure guidelines

The proposed code of practice has been published by the Office of the Data Protection Commissioner on its Web site and is open for public comment through June 18. The code of practice would require organizations to report a breach within two working days, with some exceptions if strong security measures are implemented. All breaches that result in the loss of personal data affecting more than 100 people would have to be reported unless the personal data was encrypted to a “high standard” with a strong password and that password had not been compromised.

In comparison, the U.K.'s disclosure guidelines are less specific than the proposed Irish code of practice, Malcolm said. However, the U.K.'s Information Commissioner does expect organizations to report serious data breaches, he said.

In April, the U.K. Information Commissioner for the first time gained the power to fine organizations for violating the Data Protection Act.  The European Union has a data breach disclosure law on the books, but it only applies to telecommunication companies.

Posted on 06/10