In the wake of a number of security incidents in the United Kingdom and elsewhere, the debate has reopened as to whether there should be a US-style security breach notification law, requiring those suffering a data breach to notify individuals, as well as national data protection authorities.  The ICO (“ICO”) recently published guidance on security breach management, including, amongst other things, “voluntary” notification.  The European Commission also proposed that telecommunications operators and internet service providers should be required to notify affected persons about breaches.  Below we outline the movement towards security breach notification in Europe and the lessons to be learned from the experiences in the and , which both have security breach laws in place. 

Read the entire article on martindale.com