EU security agency calls for breach notification law

EU countries need a "digital fire brigade"

The European Union's (EU) online security body is calling for a continent-wide law requiring firms to notify customers of data security breaches.

Internet security is vital to the EU's economy, says the European Network and Information Security Agency (Enisa) in a report.

Andrea Pirotti, executive director of Enisa, said the EU should adopt a US-style notification law.

"Enisa calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done," he said.

Pirotti also called for more funding for his agency. Enisa has a budget of €8m (£6.3m) a year and a staff of 50.

The agency is an information-sharing body – it has no powers to police or prosecute cyber terrorism and cyber crime.

Pirotti said European countries need a "digital fire brigade" – an emergency response team to help with attacks such as those on Estonia last summer.