TMCnet Feature
June 26, 2013

European Commission Sets New Rules for Data Breaches

By Erin Harrison, Executive Editor, Cloud Computing

On the heels of a major Internet company revealing that user data was compromised, the European Commission is enacting new rules that dictate what exactly telecoms operators and Internet service providers (ISPs) should do if their customers’ personal data is lost, stolen or otherwise compromised.



The purpose of the European Commission’s “technical implementing measures” is to ensure all customers receive equal treatment across the EU in case of a data breach, and to ensure businesses can take a consistent approach to these problems if they operate in more than one country, according to European Commission Vice President Neelie Kroes.

“Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field,” Kroes said in a statement.

One example of the new rules is that telecom operators and ISPs must “inform the competent national authority of the incident within 24 hours after detection of the breach, in order to maximize its confinement. If full disclosure is not possible within that period, they should provide an initial set of information within 24 hours, with the rest to follow within three days.”

In addition, ISPs will have to outline which pieces of information are affected and what measures have been or will be applied by the company.

Last week, Facebook sent out warning e-mails to 6 million users whose personal information had been compromised by the security bug it confirmed on June 21. The accident was caused by a “bug” as Facebook collected data from its 1.1 billion users, news reports said.

“The practical impact of this bug is likely to be minimal since any e-mail address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another,” Facebook said in the blog post.

In addition to its new data protection rules, the European Commission will also publish a list of technological protection measures, such as encryption techniques, that would render the data unintelligible to any person not authorized to see it.




Edited by Ashley Caputo