[ISN] European Union proposal could foil U.S. hacker probes

From: InfoSec News <alerts_at_private>
Date: Mon, 30 Jan 2012 00:24:33 -0600 (CST)
http://www.nextgov.com/nextgov/ng_20120127_6325.php

By Aliya Sternstein
Nextgov
01/27/2012

Internet privacy protections that the European Commission introduced 
this week could undermine American investigations into stateside data 
breaches, some security and legal experts say.

Several of the reforms focus on safeguarding data in the cloud, where 
online applications are managed by an offsite company's computer 
centers. Europe's proposed rules would require U.S.-based cloud 
computing providers with European Union customers to notify EU 
authorities of a data breach within 24 hours of detection.

"There are no borders online and cloud computing means data may be sent 
from Berlin to be processed in Boston and stored in Bangalore," 
commission officials noted when unveiling their agenda Wednesday. The 
recommendations require data handlers to "notify data breaches without 
undue delay to both [EU] data protection authorities (which, where 
feasible, should be within 24 hours) and the individuals concerned."

But some corporate attorneys say the 24-hour rule could focus efforts on 
documenting an incident at the expense of resolving it. Often, American 
authorities and U.S. firms prefer to keep details of a compromise on the 
down low until they understand the extent of an intrusion.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
Received on Sun Jan 29 2012 - 22:24:33 PST

This archive was generated by hypermail 2.2.0 : Sun Jan 29 2012 - 22:28:14 PST