The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) has received 3,400 reports of data leaks since new rules on reporting such incidents took effect 01 January. AP vice chairman Wilbert Thomesen told BNR that this was not considered a high amount, given the around 135,000 businesses and organisation handling personal data that are required to report breaches. The new requirement is aimed at at ensuring businesses are open about such incidents.
Compare that to what the UK’s Information Commissioner’s Office reported – that they’ve received 548 new cases since January 1. Although that is reportedly a 22% increase over the previous quarter for the UK, 3400 reports to the DDPA vs. 548 to the ICO? The U.K. continues to have a weak requirement for mandatory reporting.
Of course, we have no idea what number have been reported in the U.S. during the same time period because we have no centralized/federal reporting system and no federal data breach notification law.