ENISA Says Proposal Could Have Negative Impact on Breach Prevention
PRIVACY LAW—EUJuly 9, 2012
A new report from the European Network and Information Security Agency (ENISA) says proposed EU regulations that would require Internet firms to quickly report data breaches could lead companies to focus on "symptoms rather than causes of cybersecurity vulnerabilities if not augmented by other regulations," FierceGovernmentIT reports. In a June report, the Justice and Fundamental Rights Directorate General proposed updating existing regulations to require breaches be reported to government supervisory entities within 24 hours. But "like many other areas of regulatory intervention," the proposal "addresses the symptoms and not the cause of cybersecurity problems," ENISA says.