Banks will be among companies forced to notify authorities of “serious” leaks of customer data in a crackdown after hackers targeted Sony Corp. and Sega Sammy Holdings Inc., the European Union’s top privacy official said.
Recent “data theft scandals” show that all industries, including financial companies, should do more to keep customers’ personal data secure, EU Justice Commissioner Viviane Reding said today in London, according to prepared remarks.
“I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden,” said Reding. Such an obligation “is entirely proportionate and would enhance consumers’ confidence in data security and oversight.”
Data breaches at Tokyo-based Sony and other companies have sharpened regulators’ scrutiny of how businesses safeguard consumer information and notify the public about cyber attacks. Sony has been criticized by lawmakers for taking six days to disclose an attack that exposed 100 million customer accounts and prompted the temporary shutdown of the company’s PlayStation Network.
Sega, a Japanese game maker, suspended some online services after discovering a leak of personal data including names and e-mail addresses on almost 1.3 million customers at its European unit. No customer credit-card data was compromised.
“Whether it is the PlayStation, Google or Facebook, I can well understand if users lose trust in the internet and in companies offering online services,” Reding said.
A mandatory data-breach notification requirement is already in place in the EU for telecommunications and Internet access, she said.