The EU wants full security breach disclosure

Companies asked to confess to breaches and get the ‘digital fire brigades’ in

EU security

In a bid to curb data loss in Europe the EU is asking companies to be transparent about any violations of security they may have been subject to.

If the new rules are greenlit, companies would have to let The European Network and Information Security Agency (ENISA) know every time a breach to their computer systems.

The proposed ruling comes after some high-profile cases of confidential information being lost due to laptops being stolen or data discs going awry. The latest worldwide case of data going missing was earlier this month when an HSBC server was lost and some 159,000 Chinese bank account details went missing.

Article continues below

Closer to home was the child benefit data scandal that saw the UK government lose CDs containing 25 million people’s data.

Call in the Certs

According to, in 2005 the EU set up what is dubbed as the ‘digital fire brigade’. Called Computer Emergency Response Teams (Certs), these teams are currently employed in eight states and combat such things as spam and server attacks. The ENISA (The European Network and Information Security Agency) wants the number of states with Certs increased to 15.

Andrea Pirotti, executive director of ENISA, said in a statement: "Europe must take security threats more seriously and invest more resources in NIS [network and information security].

"Therefore, ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done.”