Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

New EU data protection rules due this week

Companies would be required to immediately disclose breaches, and individuals would get the "right to be forgotten" under a European Union proposal.

internet security hack lock computer
CBS

Companies will be required to disclose security breaches within 24 hours of their occurrence under European Union proposals being made this week to strengthen data protection rules.

New rules are needed to protect consumers and reduce bureaucracy, EU Justice Commissioner Viviane Reding said in a speech at a conference today in Munich.

"Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay," Bloomberg quoted Reding as saying at the DLD conference. "European data protection rules will become a trademark people recognize and trust worldwide."

Individuals would be granted new rights under the proposal, including a "right to be forgotten" that would allow them to request their information be erased, according to a draft obtained by Reuters. In addition, a "right to data portability" would allow individuals to easily transfer their personal information between companies. Member states would be allowed to fine companies up to 1 percent of their global revenues for violating EU rules, Reuters reported.

The new data-protection rules, which are expected to be announced Wednesday, are still subject to the legislative process and may still be revised during the next two years.

The rules are designed to address the concerns of consumers snared in security breaches suffered last year by Sony and Citigroup. One of the chief complaints from PlayStation Network customers was how long Sony took to inform them of the breach. Sony waited more than a week to inform its 77 million customers that their personal information had been illegally accessed in April 2011.

About 3,400 Citigroup credit card customers suffered a loss of $2.7 million during a May 10 hacking, but the company waited nearly a month to disclose the security breach on June 8.