Viviane Reding, vice-president of the European Commission and an EU Justice Commissioner, explained how the mandatory requirement, which already applies to telecoms and internet access, could help to improve consumer trust.
In her speech to the British Bankers’ Association’s Data Protection and Privacy Conference today, she said: “I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden.
“However, I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.
“It would also create a stronger incentive for business to conduct serious risk assessments to protect personal data and to implement the appropriate security measures protecting the confidentiality, the integrity and the availability of personal data.”
Her announcement came on the back of recent attention drawn to security breaches, including the hacking of Sony’s PlayStation Network, which saw the theft of millions of users’ data.