Personal Data Security in the U.S. and the E.U.

Is The E.U. lagging behind?

13 March 2007

The issue of notification of personal data security breaches has become an increasingly hot topic of discussion in recent months.

On both sides of the Atlantic, high-profile personal data security breaches are being reported on a weekly basis. In the U.S., new, sophisticated legal protections have been adopted at state level since 2003.

As a result of these new U.S. laws, questions have been posed as to the adequacy of the protections currently afforded in the E.U. and the possible effect of any inconsistencies in these levels of protection on companies doing business in both the U.S. and Europe. As a consequence, companies may be forced to admit when customer data has been lost or stolen from them.

New revised directives from the European Commission on the E.U. regulatory framework for electronic communications are anticipated to be implemented by 2010. It seems that the Commission's proposals, while going some way toward addressing the shortfalls in E.U. laws in respect of security breach notification, do not go far enough. The U.S. position, for example that of the State of California, is much more far-reaching and obligates all persons, companies, government agencies and non-profit organisations which do business in California, regardless of geographic location, to notify security breaches. The Commission's proposals only seem to apply to ISPs, network operators and certain other electronic communication operators.

According to Philip Nolan, a partner at Mason Hayes & Curran, "The irony of the situation is that the U.S. is typically regarded as providing a less than adequate legal infrastructure in relation to personal data protection compared to Europe. Clearly, this position needs to be qualified at least, if not revised, when one appreciates the significance of effective security breach notification laws in the overall scheme of personal data protection.

"In fact, with increasing levels of identity theft and credit card fraud, it seems that personal data security breach notification rules will provide a far more practical solution to the dangers presented to personal data in the information age than directives high on principles but low on detail."

Attribute to Philip Nolan, Partner, Mason Hayes & Curran.

Philip is a partner in the commercial department at Mason Hayes & Curran. For more information, please contact Philip at pnolan@mhc.ie or + 353 1 615078.

The content of this article is provided for information purposes only and does not constitute legal or other advice. Mason Hayes & Curran (www.mhc.ie) is a leading business law firm with offices in Dublin, London and New York.

© Copyright Mason Hayes & Curran 2007. All rights reserved.

 

 
