
Jean-Yves Gilg

Editor, Solicitors Journal

EU lawmakers and member states agree on first cyber-security law

News

Mandatory breach requirement has 'boy who cried wolf' element, says data protection partner

The European Parliament and governments of EU member states have agreed the first cyber-security law, making it mandatory for companies to report serious breaches or face sanctions.

After lengthy negotiations between the parties, an agreement was reached for a new Network and Information Security (NIS) Directive, amid the ongoing threat of cyber-attacks.

The security and breach notification requirements apply to companies that provide essential services in the transport, energy, health, and finance sectors.

Online companies including Google, eBay, and Amazon all come under the measure.

Andrus Ansip, the European Commission's digital chief, said the new law would increase consumers' trust in internet services.

'The internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction,' he remarked.

Commenting on the news, Nicola Fulford, a data protection partner at Kemp Little, said the mandatory breach requirements could prove ineffective in the long term.

'The risk with this situation is that consumers can get data breach fatigue - they become jaded and stop paying attention to data breach notifications,' she remarked.

'The likely result here is inaction. After a certain number of warnings consumers fail to follow practical advice from banks or merchants to help mitigate the impact of a data breach.'

Fulford added that there was an element of the 'boy who cried wolf', which was 'one argument against mandatory breach notifications'.

In acknowledging the UK has no mandatory reporting law, Fulford said: 'An organisation's first priority should be to stop breaches from happening in the first place.

'The mandatory security provisions in the NIS Directive will hopefully encourage companies to bolster their security systems and prevent attacks from happening.'

Matthew Rogers is an editorial assistant at Solicitors Journal matthew.rogers@solicitorsjournal.co.uk | @sportslawmatt