It's been a big week for security legislation! Ireland is now considering a Data Security Breach Code of Practice. The Data Protection Review Group was established to consider "how to ensure that the reporting obligations of organisations in relation to data security breaches are sufficiently robust to protect the rights of data subject."
A draft of the Data Security Breach Code of Practice has been published by the Data Protection Commissioner here. The Code lays out the circumstances under which a breach must be reported to the Commissioner. The Commissioner, upon review of the report, could then compel the company to disclose the breach to those affected. If companies have failed to protect data with basic security measures, they will be required to disclose this.
This code, by requiring companies to fess up to improper security measures, can hopefully help other companies see, and learn from, those mistakes as they develop safe security practices of their own.