January 25, 2012
 Perspective on the EU Data Privacy Proposal

The EU has come out with a data protection proposal.

First, the good stuff:

  • The new EU privacy law takes a good step forward for privacy.  The ability to control and even delete individual data profiles is a needed move. 
  • Unifying laws across the EU member states makes sense.

However, the proposal doesn’t do enough to protect data.  Since it mainly proposes fines, it will not help keep EU citizen data safe from hackers or insiders.  Such approaches have not met with success in the past.  Why?  Fines enable companies to game the system. They can risk a breach without having put in place the basic elements of cyber defense. 

Rather, the EU should put in place fines coupled with a more prescriptive approach, working with industries to identify specific actions firms should take to protect data.  The payment card industry, PCI, adopted this approach through self-regulation and has managed to lock down data better than any regulation in existence today.  This prescriptive method makes gaming the system much tougher.  More importantly, by involving the industries and not just spanking them, private enterprise has real skin in the game.

 

