News Item

Data Breach Notifications analysed

The Executive Director participated in a high level panel at the European Data Protection and Privacy conference , subtitled 'Creating a modernized and harmonized regulatory framework' in Brussels on 30/11/2010 on the topic: 'Data Breach Notification – time for mandatory notification requirements?'

Published on November 30, 2010

The Executive Director, Dr Udo Helmbrecht briefly outlined his main points before a public discussion and Q&As followed.

Pls find two brief PPTs attached.



Art. 4 of ePrivacy Directive (2002/58/EC)  which relates to personal data breaches. (Please differentiate this from the Agency work related to security breaches -which is a different matter of a wider scope, but also part of the updated Telekom package.

Data breach notification laws have often a high level of success where they have been introduced. They are encouraging organisations to take a multi-layered approach to security in order to both secure information and protect their reputation.

Practical questions however arise regarding the data breach notifications (DBNs). What constitutes a security breach?  Should data breach notification laws be all encompassing, or should exceptions be in place depending on the sector, or the type, of data concerned? Etc.


Participants; Other high-level panel participants included:

David Smith, Deputy Commissioner & Director of Data Protection, UK ICO, Jim Halpert, Partner - Communications, E-Commerce & Privacy, DLA Piper,
Steve Kenny, Head of EU Privacy, Ebay Inc.


Full agenda:



Stay updated - subscribe to RSS feeds of ENISA news items & PRs!

News items;



This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies