Blog Post

Disclosure of your personal information can expose the most private details of your live and leave you vulnerable to identity theft. Unfortunately Irish law doesn’t require companies to tell you when their security has been compromised and your personal information stolen. The first you might know of it is when you discover that your fraudulent alter ego has enjoyed a spending spree on your credit card or run up huge debts in your name. But by then it’s too late.

We believe that this should be changed. Since 2003 California has had a law which requires companies to warn customers whose data has been compromised. This enables victims to take steps to protect themselves (such as cancelling credit cards), and has proven to be very successful. We believe that Irish customers deserve equal protection.

The EU Commission is now proposing something similar to the Californian law, though more limited. The proposal applies to “electronic communications services” (such as telephone or internet services) and would require providers to “notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, personal customer data.”

As the Commission dryly notes, this disclosure requirement would “create an incentive for providers to invest in security”. More importantly, it will set a precedent which will help to bring in a wider law requiring warnings in all areas, not just telecommunications.

To support this proposal you can send an email to the Commission, cc.d to our Department of Communications. Click here to send a prepared email of support – you need only fill in your name and [optional] address. (Your email may be published on the Europa website unless confidentiality is requested. Where confidentiality is requested, neither the name of the contributor nor the contribution will be published.)

Full details of the proposal (See p.29 of a long PDF file.)