http://www.nextgov.com/nextgov/ng_20120127_6325.php By Aliya Sternstein Nextgov 01/27/2012 Internet privacy protections that the European Commission introduced this week could undermine American investigations into stateside data breaches, some security and legal experts say. Several of the reforms focus on safeguarding data in the cloud, where online applications are managed by an offsite company's computer centers. Europe's proposed rules would require U.S.-based cloud computing providers with European Union customers to notify EU authorities of a data breach within 24 hours of detection. "There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore," commission officials noted when unveiling their agenda Wednesday. The recommendations require data handlers to "notify data breaches without undue delay to both [EU] data protection authorities (which, where feasible, should be within 24 hours) and the individuals concerned." But some corporate attorneys say the 24-hour rule could focus efforts on documenting an incident at the expense of resolving it. Often, American authorities and U.S. firms prefer to keep details of a compromise on the down low until they understand the extent of an intrusion. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Sun Jan 29 2012 - 22:24:33 PST
This archive was generated by hypermail 2.2.0 : Sun Jan 29 2012 - 22:28:14 PST