Considering the European Union’s status as a bastion of privacy in the digital age, it may come as a surprise that currently, the EU prescribes no breach notification requirements (BNR) for financial institutions. The explanation for this conspicuous lacuna derives partly from an accident of history and partly from the same political forces that have…