ENISA
https://www.enisa.europa.eu
Security and Privacy, Two Sides of the Same Coin
https://www.enisa.europa.eu/news/enisa-news/security-and-privacy-two-sides-of-the-same-coin
ENISA Annual Privacy Forum 2019
No publisher | Privacy by Design, Data protection, Privacy | 2019/06/13 17:20:00 GMT+2 | Press Release

Security and privacy standardization for the SME community
https://www.enisa.europa.eu/about-enisa/structure-organization/national-liaison-office/meetings/march-2015/presentations/presentation-nlos-cgm-v2.pdf/view
No publisher | Privacy, National Liaison Officer (NLO) | 2015/03/12 17:14:28 GMT+2 | File

Securing personal data: ENISA guidelines on cryptographic solutions
https://www.enisa.europa.eu/news/enisa-news/prs-in-german/securiser-les-donnees-personnelles-les-directives-de-l-ENISA-relatives-aux-solutions-cryptographiques/view
ENISA is launching two reports today. The 2014 report "Algorithms, key size and parameters" is the reference document providing a set of guidelines to decision makers, in particular specialists who design and implement cryptographic solutions for the protection of personal data within commercial organisations or government services for citizens. The "Study on cryptographic protocols" provides an implementation perspective, covering the guidelines on the protocols required to protect online commercial communications containing personal data.
No publisher | Privacy | 2014/11/21 13:00:00 GMT+2 | File

Securing Personal Data: ENISA guidelines on Cryptographic solutions
https://www.enisa.europa.eu/news/enisa-news/securing-personal-data-enisa-guidelines-on-cryptographic-solutions
No publisher | Privacy | 2014/11/21 13:00:00 GMT+2 | Press Release

Securing personal data in the context of data retention
https://www.enisa.europa.eu/publications/securing-personal-data-in-the-context-of-data-retention
Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention Directive (DRD) personal data collected, stored or in any way processed in most European Union (EU) Member States (MSs) needs to be securely protected, to meet the requirements of data protection legislation. This study provides the results of (a) a survey on the national implementation of the DRD in six selected Member States on the requirements regarding technical and organisational security measures (in short ‘security measures’) and the implementation of the data security principles that are provided for in the Directive, and (b) a state-of-the-art analysis of the security measures proposed for the protection of personal data collected and stored in the context of the DRD. ENISA initiated this study following a request by the Directorate General Home Affairs (DG HOME) of the European Commission. This document aims at providing a set of recommendations for a common European approach on the security measures that should be taken in relation to retained data, taking into account existing specifications on security measures.
No publisher | Privacy | 2013/12/10 18:45:00 GMT+2 | Report/Study

Securing data in cyber space
https://www.enisa.europa.eu/publications/info-notes/securing-data-in-cyber-space/view
ENISA comments following recent large-scale data compromise activity
No publisher | Privacy | 2013/09/06 15:41:02 GMT+2 | File

Protecting personal data: ENISA guidelines on cryptographic solutions
https://www.enisa.europa.eu/news/enisa-news/prs-in-german/schutz-personlicher-daten-enisa-leitlinien-zu-kryptografischen-losungen/view
ENISA is publishing two reports today. The 2014 report "Algorithms, key size and parameters" is a reference document with guidelines for decision makers. It is aimed in particular at experts who design and implement cryptographic solutions for protecting personal data in companies or public authorities. The report "Study on cryptographic protocols" offers an implementation perspective and contains guidelines on the protocols that are needed for the protection of online
No publisher | Privacy | 2014/11/21 13:00:00 GMT+2 | File

Reporting data breaches - public consultation by the EU Commission
https://www.enisa.europa.eu/news/enisa-news/reporting-data-breaches-public-consultation-by-eu-commission
The European Commission has launched a public consultation on the procedures and formats for personal data breach notifications under the ePrivacy Directive (2002/58/EC). This is an important development to increase the level of data security for citizens in Europe. The Agency’s role has been to develop guidelines for the technical implementation measures.
No publisher | Privacy | 2011/07/21 09:50:00 GMT+2 | News Item

Report on Annual Privacy Forum 2012
https://www.enisa.europa.eu/publications/report-on-annual-privacy-forum-2012
The first Annual Privacy Forum (APF’12) was held in Limassol, Cyprus from 10–11 October 2012. The Forum was co-organised by the European Network and Information Security Agency (ENISA) and the European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), with the support of the Department of Computer Science of the University of Cyprus. APF’12 was endorsed as an official event of the Cyprus Presidency of the Council of the European Union.
No publisher | European Union Institutions, Privacy, Identity & Trust | 2012/12/12 15:00:00 GMT+2 | Report/Study

Reinforcing trust and security in the area of electronic communications and online services
https://www.enisa.europa.eu/publications/reinforcing-trust-and-security-in-the-area-of-electronic-communications-and-online-services
This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of personal data processing.
No publisher | Data protection, Privacy | 2019/01/28 18:18:33 GMT+2 | Report/Study

Recommendations on European Data Protection Certification
https://www.enisa.europa.eu/publications/recommendations-on-european-data-protection-certification
The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.
No publisher | Data protection, Privacy | 2017/11/27 13:30:00 GMT+2 | Report/Study

Recommendations for technical implementation of Art.4
https://www.enisa.europa.eu/publications/art4_tech
In 2011 ENISA set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of Article 4 of the ePrivacy Directive, including a practical and usable definition of a data breach, and in particular its relation to the definition of an “information security incident”, criteria for determining a data breach, identification and assessment of security controls that affect determination of a breach, identification and assessment of risks of data breaches and procedures of notifications about data breaches in both private and public sector, including online processing of data breaches, definition of “undue delay” etc.
No publisher | Privacy | 2011/12/22 13:10:00 GMT+2 | Report/Study

Recommendations for a methodology of the assessment of severity of personal data breaches
https://www.enisa.europa.eu/publications/dbn-severity
The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the Art. 4 of the ePrivacy Directive, which included recommendations on how to plan and prepare for data breaches, how to detect and assess them, how to notify individuals and competent authorities and how to respond to data breaches. A proposal of a methodology for personal data breach severity assessment was also included as an annex to the above-mentioned recommendations, which was, however, not considered mature enough to be used at national level by the different Data Protection Authorities. Against this background, the Data Protection Authorities of Greece and Germany in collaboration with ENISA developed, based on the above mentioned work, an updated methodology for data breach severity assessment that could be used both by DPAs as well as data controllers. This working document is a first result of the co-operation between experts of the two DPAs and ENISA. It is planned to further develop the methodology with the aim to generate a final practical tool for a data breach severity assessment.
No publisher | Privacy | 2013/12/06 19:25:00 GMT+2 | Report/Study

Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies
https://www.enisa.europa.eu/publications/pets
This report aims at developing a methodology for comparing different Privacy Enhancing Technologies (PETs) with regard to their maturity, i.e., their technology readiness and their quality concerning the provided privacy notion. The report firstly sketches a methodology for gathering expert opinions and measurable indicators as evidence for a two-dimensional rating scale. Secondly, this report reviews two pilots to test the proposed scales and methodology. The results of these pilots are presented in this study. Finally, a list of necessary steps towards a PET maturity repository is made available.
No publisher | Privacy | 2016/03/30 23:00:00 GMT+2 | Report/Study

Pseudonymisation techniques and best practices
https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices
This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can be involved in the process of pseudonymisation along with their possible roles. It then analyses the different adversarial models and attacking techniques against pseudonymisation, such as brute force attack, dictionary search and guesswork. Moreover, it presents the main pseudonymisation techniques and policies available today.
No publisher | Privacy, Pseudonymisation, Data protection, GDPR | 2019/12/03 13:00:00 GMT+2 | Report/Study