Telecoms firms and ISPs will have to report incidents within 24 hours
The European Commission’s new data breach notification rules have gone into effect this week.According to the legislation, telecommunications companies and Internet service providers will have to report incidents within 24 hours after the data breach is discovered.
Organizations must also try to determine what type of information has been compromised, and whether or not any individuals are impacted by the breach.
"Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field," European Commission Vice President Neelie Kroes said in June, when the new rules were announced.
In the meantime, the EU is planning on rolling out a series of incentives for companies that implement security measures such as data encryption.