Software company needs to tell market researchers more about data breaches

Software provider Nebu needs to provide market researcher Blauw with more information about the massive data breach that surfaced last month. This was decided by the Rotterdam court in preliminary legal protection proceedings against Blauw, a client of Nebu. The company has two days to provide Blauw with all available information.

The cause of the lawsuit was a breach of Nebu’s computer systems last month. They contain data from millions of Dutch people surveyed by Blauw. This company conducts market research for companies such as NS, Vodafone, Ziggo, CZ, Friends of Amstel Live, ArboNed and Trevvel. The research agency repeatedly asked Nebu for more information after the data breach, but said it did not receive enough information.

The court has now ruled on the latter. The court also notes that Nebu did not conduct or even initiate an independent forensic investigation. “This makes it more reasonable for Blauw to ask for information,” the judge said. Nebu is given five days to hire an independent investigator and send him to work. The outcome of this investigation must be reported to Blauw without delay by the court.

Nebu was reluctant to reveal it because of the possibility that the software company’s confidential information could fall into Blauw’s hands. The judge describes it as an “inevitable outcome”. However, Blauw had to be “careful” with all information from the judge.

Nebu should notify Blauw almost immediately if new discoveries of the data breach are made: this must be done within four hours of discovery. The judge also forces Nebu to send Blauw an update about the data breach twice a day thereafter.

Top man Jos Vink van Blauw is happy with the decision as a backlash. In his view, the court made it clear that information sharing agreements cannot be ignored in the event of data breaches. “You make prior agreements on this and that’s what the General Data Protection Regulation is for,” he emphasizes. “We cannot tell our customers whether their data has been stolen.”

Source: NOS

follow:
\