Bill on obligation to report data leakage sent to the House of Representatives

Today, Mr Teeven, the State Secretary for Security and Justice, sent the bill on the obligation to report data leakage to the House of Representatives, also on behalf of Mr Plasterk, the Minister of the Interior and Kingdom Relations, and Mr Kamp, the Minister of Economic Affairs.

Both private and public organisations processing personal data will soon be obliged to report any security breaches resulting in theft, loss or misuse of personal data. So this will include more organisations than providers of electronic communications networks and services which, under the Telecommunications Act, are already subject to an obligation to report theft, loss or misuse of personal data of subscribers or users. The purpose of the obligation to report is to have a better protection of personal data.

A security error may result in large amounts of personal data being made public. The supervisory authority - the Dutch Data Protection Authority - will receive a notification. Moreover, in many cases, the person whose personal data are at issue will also receive a notification if the breach will probably have negative consequences for his or her privacy. In case of any failure to report, the Dutch Data Protection Authority may impose a maximum fine of 450,000 euros.