December 8, 2011 - Financial services firms may have to appoint chief data protection officers under new rules being drawn up by the European Commission. Bureaucrats in Brussels are putting the finishing touches to a new set of legislation designed to reform data protection laws across the EU. The new rules will give greater powers to citizens to control their own personal data and impose restrictions on the use of that data by public and private sector bodies.
An early leak of a provisional draft of the new proposals includes provisions for the introduction of a "mandatory data protection officer for the public sector, and, in the private sector, for large enterprises or where the core activities of the controller or processor consist of processing operations which require regular and systematic monitoring".
In a speech given earlier this week to the working party drawing up the rules, EU justice commissioner Viviane Reding said: "I intend to strengthen data protection officers in the public sector, in large companies and in companies doing risky processing.... I also want to extend data breach notifications to all sectors. Data controllers will have to report security breach incidents to data protection authorities and to the individuals whose personal information has been compromised."
This latter action is causing hearts to flutter in the financial sector. According to documents seen by the Financial Times, the EC's proposals also include the ability to fine businesses up to five per cent of turnover for data breaches.
Reding has yet to provide any details on whether the proposals will be enshrined as legislation applicable across all EU member states, or imposed as a Directive, which can be watered down at national level. The finished document is likely to get its first airing on Data Protection Day, 25 January.