The proposal, which looks likely to become an Act, could also force organisations to declare all their data losses where certain conditions are involved, typically where sensitive, personal or financial data has been lost.
The move has been applauded by ISACA, the not-for-profit IT security association. "The Irish data commissioner has reportedly published the draft code in response to the recent recommendations of the data protection review group established by Dermot Ahern, the Irish Minister for Justice", said Rolf von Roessing, the association's international vice president.
According to von Roessing, the proposed code of conduct formalises the situation regarding data losses or thefts in the Republic of Ireland and, as such, will act as a reference model for other European countries.
The proposal means that most larger businesses in Ireland will have to report data thefts of most types as they occur, should the code of conduct be ratified as an Act.
Identity theft, he added, has now become a serious cybercrime problem, with criminal gangs selling personal data between themselves like never before. "It has been more than 25 years since the original UK Data Protection Act came into force, and since then, computers and the internet have changed our lives largely for the better", he said.
"The same is true for Ireland and most other countries and this is why we welcome this proposal by the Irish Data Commissioner's Office, as it formalises what has been best practice in many organisations to date", he added.