

Business must report data breaches to public, EU says - teralaser
http://www.zdnet.co.uk/news/security-management/2011/06/21/business-must-report-data-breaches-to-public-eu-says-40093172/

======
mrspandex
In the US, software regulated under HIPAA must report many breaches through a
public website. I know my company is extremely serious about preventing
breaches, and I would not be surprised if this law would make companies take
things more seriously. Of course, there may be too many breaches for it to
have any consequence.

------
makmanalp
I think the criteria of reporting should be something along the lines of "If
the data that was stolen is the user's, then report to the user". If it can't
be determined what was stolen, just report to everyone. This should be an
embarrassing situation for the company.

~~~
teralaser
It is probably not of the greatest interest to HN users, but banks, afaik,
report - but not to the public, where I live (except for credit card leaks).
Wouldn't a major leak potentially create a bank run?

~~~
erikabele
This, again, is just a question of education - create sane citizens not
idiots.

~~~
teaspoon
You don't need to be uneducated, insane, or an idiot to withdraw all of your
money when you suspect that your bank is going to fail. It can be an
individually rational move even if you merely suspect _that other customers
suspect_ that your bank is going to fail.

