EC launches consultation on data breach legislation covering telecoms and ISPs


Warwick Ashford

The European Commission has launched a public consultation on whether additional rules are needed to ensure telecoms operators and internet service providers (ISPs) report personal data breaches in a consistent way across the EU.

The data breach notification (DBN) requirement for the electronic communications sector was introduced in the review of the ePrivacy Directive (2002/58/EC), and is regarded by the European Commission (EC) as vital to shoring up data security in Europe.

In May this year, the EC released the revised ePrivacy Directive (2009/136/EC) that requires telecoms operators and ISPs to make breaches public.

This consultation will provide the industry with the opportunity to give feedback on existing practice and initial experience with the new telecoms rules.

The EC may then propose additional practical rules to make clear when breaches should be reported, the procedures for doing so and the formats that should be used.

Neelie Kroes, Commission vice-president for the Digital Agenda, said the duty to notify data breaches is an important part of the new EU telecoms rules.

"But we need consistency across the EU so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses," Neelie Kroes said.

 

What the EC wants to know

The consultation seeks feedback on how organisations intend to comply with the data breach notification rule. The EC also wants views on which types of breaches should require notification.

The EC wants feedback on how long organisations should be allowed to take before notifying a breach, what the notification should contain and what procedures should be used.

In addition, the Commission wants to learn more about cross-border breaches and compliance with other EU obligations relating to security breaches.

The consultation will close on 9 September 2011 and if, after considering the feedback, the EC decides to introduce technical implementing measures, this will be done in consultation with the European Network and Information Security Agency (ENISA), the Article 29 Data Protection Working Party and the European Data Protection Supervisor (EDPS).

