The introduction of a European data breach notification requirement for the electronic communication sector introduced in the review of the ePrivacy Directive (2002/58/EC) is an important development. It has the potential to increase the level of data security in Europe and foster reassurance amongst citizens on how their personal data is being secured and protected by electronic communication sector operators.
Following a seminar on ‘Responding to data breaches’ jointly organised with the EDPS, in 2010 ENISA reviewed the current situation with the aim to develop a consistent set of guidelines addressing the technical implementation measures and the procedures as described by Article 4 of the reviewed Directive 2002/58/EC. In this light, ENISA surveyed regulatory authorities, legal experts, private companies and industry experts to better understand the challenges facing the telecommunications sector in the face of mandatory notifications for data breaches. The objective of this work, the results of which are expected to be published during Q4/2010, is the development of best practices designed to assist both regulators and telecoms operators taking into account:
- best practices for preventing, managing and mitigating the occurrence of data breaches from the point of view of the data controller and the industry/providers;
- gathering experience on data breach notification management from other business sectors (e.g. healthcare, finance sector, etc.) investigating similarities and differences in their approaches;
- views of Data Protection Authorities and industry on the notification of data breaches to the citizens affected and in those cases on the type of information to be provided;
- benefits from a pan-European approach for any of the above areas.
Against this background ENISA has organised on January 24 an one day workshop with twofold objectives. On the one hand this workshop provided an opportunity to present the results of the above mentioned work, while on the other it served as a forum for the exchange of ideas on the way forward.
Presentations from the workshop are available in the section Agenda.