Dr Bernold Nieuwesteeg of Erasmus School of Law investigated, together with colleague Prof. Michael Faure and Prof. Michel van Eeten of the TU-Delft, the effect of the data breach reporting obligation as commissioned by the Cyber Security Council (CSR). They concluded that the effect and the social potential of the reporting obligation regarding data breaches could be better utilized; among other things, by making the data breach database available for scientific research.
Minister Grapperhaus of the Ministry of Justice and Security has reacted positively on the recommendations from the CSR this week. These recommendations came about as a result of the investigation into the effect of obligations to report data breaches. They included a project proposal for - under strict conditions - giving access to the database of data breaches reported to the Dutch Data Protection Authority (DDPA) for scientific and statistical research. The data will be made accessible through the Central Bureau of Statistics (CBS) and will be stripped of personal data and company names in advance.
Nieuwesteeg and Faure, who are affiliated with the Centre for the Law and Economics of Cyber Security (CLECS), collaborated closely with the Economics of Cyber Security GroupOpens external of the TU-Delft.
Following the report, the CSR and the AP recently came to the recommendation to make actual data breaches available for scientific purposes. The aim is to come to general advice and suggestions for improving the security of personal data.
"This is unique," said Bernold Nieuwesteeg. "Nowhere in the world have registers of data leaks been made available in this way, while there is a great need for transparency and data sets regarding data leaks." Because of the positive response from Minister Grapperhaus, who received the CSR's advice this week, in-depth research may soon be conducted into trends and the nature of data breaches, as well as the effectiveness of investments in cybersecurity.
He continued: "We expect and hope that other countries and institutions will also take important steps towards making data leaks available so that trends can be explored and compared worldwide."
This article was first published on 14 February 2020 by Erasmus University Rotterdam.