News Item

Data Breach Notifications analysed

The Executive Director participated in a high level panel at the European Data Protection and Privacy conference , subtitled 'Creating a modernized and harmonized regulatory framework' in Brussels on 30/11/2010 on the topic: 'Data Breach Notification – time for mandatory notification requirements?'

Published on November 30, 2010

Data Protection and Privacy is paramount for trust in the digital society and its economy.

The Executive Director, Dr Udo Helmbrecht briefly outlined his main points before a public discussion and Q&As followed.

Pls find two brief PPTs attached.



Art. 4 of ePrivacy Directive (2002/58/EC)  which relates to personal data breaches. (Please differentiate this from the Agency work related to security breaches -which is a different matter of a wider scope, but also part of the updated Telekom package.

Data breach notification laws have often a high level of success where they have been introduced. They are encouraging organisations to take a multi-layered approach to security in order to both secure information and protect their reputation.

Practical questions however arise regarding the data breach notifications (DBNs). What constitutes a security breach?  Should data breach notification laws be all encompassing, or should exceptions be in place depending on the sector, or the type, of data concerned? Etc.


Participants; Other high-level panel participants included:

David Smith, Deputy Commissioner & Director of Data Protection, UK ICO, Jim Halpert, Partner - Communications, E-Commerce & Privacy, DLA Piper,
Steve Kenny, Head of EU Privacy, Ebay Inc.


Full agenda:



Stay updated - subscribe to RSS feeds of ENISA news items & PRs!

News items;



We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information