The forthcoming amendments to the Data Protection Directive have been given a partial thumbs up by the Information Commissioner’s Office (ICO); however, it views some changes as “unnecessarily and unhelpfully over-prescriptive”.
In a statement, the ICO said it supported the modernisation of the data protection laws, given that those in IT security jobs were faced with increasingly sophisticated networks and the sharing of mass information, and that “the ever-growing online collection of personal data” had left consumers powerless when attempting to manage their personal data.
The ICO applauded changes made by Viviane Reding at the European Commission to ensure that privacy is central to system design and that assessments are made to ensure businesses have the correct processes in operation to protect personal data.
The aim of the changes is to simplify the current laws and provide each company with one authority. Major security breaches will also need to be reported within 24 hours.
On the other hand, the ICO also commented:
“While recognising that there is inevitably some tension between the drive for harmonisation of data protection standards across the European Union and his desire for flexibility in focusing obligations on processing that poses genuine risks, the commissioner believes that in a number of areas the proposal is unnecessarily and unhelpfully over-prescriptive. This poses challenges for its practical application and risks developing a ‘tick-box’ approach to data protection compliance. The proposal also fails to properly recognise the reality of international transfers of personal data in today’s globalised world and misses the opportunity to adjust the European regulatory approach accordingly.”
The impact on those in information security jobs is likely to be significant, so keeping abreast of the changes is recommended.