European Commissioner Viviane Reding said she will push member states to adopt a proper data breach notification law - something the Information Commissioner in the UK has failed to get.
Such a law would force businesses to tell people if their private data has been lost or stolen. Data controllers in the UK have no obligation to tell people, but they are supposed to inform the Information Commissioner's Office.
Viviane Reding told the European Parliament debating telecoms regulations: "I have to make two declarations in response to points raised by parliamentarians. The first one clarifies that the Commission will promote a wide debate on the scope of universal service and will come forward with early proposals as necessary. The second states that the Commission will start work without delay to consult widely and make proposals relating to the extension of data breach notification requirements in other sectors."
EU telecoms law will impose a breach notification onto telecoms and internet service providers and it seems Reding thinks this should be extended - something the UK has resisted.
The Information Commissioner's Office said legislation was a matter for government and warned: "Should legislation be proposed to compel UK organisations to notify people when a data breach occurs, it must be properly considered before it is introduced in the UK."
The role of the ICO and of data protection legislation was reviewed after Her Majesty's Revenue and Customs lost details on almost every UK family.
The issue of breach notification was much debated in the wake of this loss. Some observers felt the DPA should be strengthened to include such a requirement while others felt it would damage the relationship between the ICO and the institutions it regulates. ®