Risk
1/26/2012
11:55 AM
Connect Directly
RSS
E-Mail
50%
50%

What EU Data Privacy Proposal Means For Business

Proposed new rules, including a "right to be forgotten" clause, could create compliance mess for multinational businesses.

The European Commission has unveiled a proposal to strengthen data privacy laws, putting forward what could be another layer of compliance concerns for multinational businesses.

The new rules include a "right to be forgotten" for the public, where they can demand their data be deleted if there is no "legitimate grounds" for it to be kept. Businesses would also be required to notify the public of data breaches within 24 hours "if feasible." The rules have a long way to go before they become law, and may be modified during what is expected to be at least a two-year legislative process.

Still, the debate about the new rules--which also mandate companies with 250 or more employees would have to appoint a data protection officer--underscores the challenges corporations face when juggling both their interests and the various laws that apply around the globe.

"The commission's proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," argued Thomas Boue, director of European affairs for the Business Software Alliance. "The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth."

Reducing complexity is one of the main drivers behind the proposed changes. According to the commission, a single set of rules would encourage a more consistent application of the law across the European Union (EU) and give businesses clear rules on how to treat private information. Tracking the various data privacy laws from country to country can be difficult, said Matthew Norris, e-risk and privacy expert at small business insurance specialist Hiscox.

Read the rest of this article on Dark Reading.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.