Only one in ten UK firms say they are ready for the European Commission's proposed data protection directive. A survey of 200 firms employing more than 1,000 staff by OnePoll found 87% admitting they would not be able to identify individuals affected by a data breach within the EC’s proposed 24-hour time frame. In addition, 13%said it would take them between a week and one month to pinpoint which customer data was affected, while six percent did not believe they would ever be able to accurately obtain this information.
The LogRhythm research found that 72% believed the new EC breach disclosure rules would put them at risk of "over-disclosure". This is when organisations are forced to reveal more information than is strictly necessary, for example notifying every individual who might have been affected by a breach, rather than just those who definitely were.