A new ruling from the European Union (EU) will require telecommunications companies to inform affected parties of data breaches.
A report by Outlaw.com claimed that the European Parliament and Commission have already approved the amendments, which will become law after they have been published in the EU's official journal and signed by the president of the council and the president of the European Parliament.
However, the amendments do not extend data breach notification duties to non-telecommunications firms, despite the parliament's earlier demands that they include providers of 'information society services' such as online banks or health services providers.
Steve Moyle, co-founder and CTO at Secerno, claimed that some would argue that this measure should extend to all businesses, and that the EU measure is a critical first step.
Moyle said: “Since the telecommunications companies and service providers have online components as well as the means to store vast amounts of customer data, starting measures with these groups makes sense.
“We fully expect data protection measures to extend to different business types and industries, but these extensions should be done in a measured, controlled manner. The very worst thing that the EU could do is impose broad, blanket data protection measures that would affect all industries immediately. Historically, these measures (for example Sarbanes-Oxley in the United States) have created compliance costs and headaches that can be as difficult to manoeuvre as the problems they were intended to solve.”
He claimed that it was better to look to this as an important first move that is being done correctly and gives all businesses time to prepare for the inevitable cross-industry data protection measures that will emerge in the coming years, than to bemoan the fact that the measures are starting with the telcos.