The European Commission has launched a public consultation on the circumstances, procedures and formats for personal data breach notifications under the ePrivacy Directive. The introduction of a European Data Breach Notification requirement for the electronic communication sector, for example Internet Service Providers was introduced in the review of the ePrivacy Directive (2002/58/EC), ‘Article 4’.
Higher data security for citizens
This is an important development to increase the level of data security for citizens in Europe. Citizens will now be better assured of how their personal data is being secured and protected by electronic communication sector operators. Such assurances are crucial for trust in the digital economy. At the same time, the Internet Service Providers are now invited to give their input as to ensure that the measures are suitable and adequate at practical, implementation levels.
The consultation is open to all interested stakeholders and contributions are welcome until 9 September 2011.
The Agency’s role has been to develop guidelines for the technical implementation measures. Furthermore, if the Commission proposes technical implementing measures, it will have to consult the European Network and Information Security Agency (ENISA), the Article 29 Data Protection Working Party and the European Data Protection Supervisor (EDPS), as well as communications regulators in the Member States.
Earlier references to ENISA work on Data Breaches Notification;
Workshop, Jan., 2011
Data Breach Notification Report, Jan., 2011
Seminar, Oct., 2010.
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!