The European Commission is finalizing privacy protection rules under which companies could be fined up to five percent of their global sales for mishandling the data of customers, suppliers, or employees. Because the law would apply to foreign companies with branches in Europe, it gives the EU significant power to regulate privacy worldwide. Under the proposed system, all companies with more than 250 employees would be required to have dedicated data protection staff, and businesses would have 24 hours to notify authorities of a security breach. (Sony would have failed that requirement with the recent PlayStation Network outage, an event that played into the US SEC's decision to set guidelines for disclosing cyber attacks.)
Since the EC members' national governments must approve and implement the new measure, finalizing it could take up to 4 years, according to the Financial Times. Even if the EU's got your back, it's still a good idea to minimize how much you reuse your passwords.