EBF therefore have reservations about introducing even more information requirements if these resulted in a flood of information which customers would be unable to process.
Introducing an obligation to notify personal data breaches for sectors other than the telecommunications sector, however, appears quite disproportionate to the EBF.
At present, banks notify their customers, for instance, if their credit card has been skimmed (i.e. information about a card and the associated PIN code is copied for the purpose of manufacturing a fake card). It is also in the banks’ interest to protect their customers against fraud and sustain a very high level of security. The banks can also be held liable for damages their customers may suffer due to deficiencies in their IT security systems.
The banks test and update their systems and security solutions regularly to make sure that the information in the bank’s system is always well-protected and secure. The transfer of information between the customer’s computer and the online banking system is always encrypted. The customer must also make sure that his/her computer, codes and personal information are protected to prevent the possibility of fraud. To avoid “data breaches”, it would be more effective to inform customers on how to protect their own computers, to never disclose their bank account details to unknown persons, etc.
A mandatory personal data breach notification system could first give rise to organisational concerns, since the implementation of such a system of notification could lead to an administrative burden and in fact risk delaying the process of contacting customers when necessary.
© EBF