Personal data breach notification law may be in the works for Europe

A May 6 article in the New York Times (“E.U. To Consider More Stringent Reporting of Data Breaches“) includes quotes an opinions from a number of people suggesting that the European Union may be heading for a comprehensive breach notification law requiring public and private sector organizations to tell people when their personal information has been lost or disclosed. While the vast majority of states in the U.S. have some form of breach notification law, there in not yet a federal standard, with the possible exception of the disclosure requirements for breaches of unsecured personal health information contained in the American Recovery and Reinvestment Act. As noted in the Times article, “Most European countries, including Britain, do not require businesses or other entities to notify the public when they lose personal data, although some do so voluntarily.”