EC sets telecom sector rules on data breach notification

News Broadband Europe 24 JUN 2013
EC sets telecom sector rules on data breach notification
The European Commission has issued new regulations on what telecom operators and ISPs should do if their customers' personal data is lost, stolen or otherwise compromised. The regulations are considered "technical implementing measures" under the EU's ePrivacy directive and are aimed at addressing the growing number of data breaches in the market. Operators are already obliged since 2011 to inform national authorities and subscribers about breaches of personal data, and the new rules are expected to clarify and improve the process. 

Under the new regulation, companies must inform the national authority within 24 hours of detecting the breach. If full disclosure is not possible within a day, they should provide an initial set of information within 24 hours, with the rest to follow within three days. The notification should outline which pieces of information are affected and what measures have been or will be applied by the company. In assessing whether to notify subscribers (by applying the test of whether the breach is likely to adversely affect personal data or privacy), companies should pay attention to the type of data compromised, focusing particularly on financial information, location data, internet log files, web browsing histories, e-mail data, and itemised call lists. 

To encourage companies to encrypt all customer data, the new regulation will exempt companies from the requirement to notify customers if they have previously employed an approved encryption technique. The latter will be developed with networks security agency Enisa.

Categories:

Internet

Regions:

Europe

Tags:

Customer service, Voice services, Security, Regulations, Internet Access, Wholesale

Related Articles

EUROPE 6 FEB 2014

ENISA publishes SOP for cyber crisis management

The EU Agency for Network and Information Security (ENISA), the European Free Trade Area (EFTA), French IT security agency ANSSI and those of other member states have drafted a reference document called the European Standard Operating Procedures (SOP) for the management of cybernetic crises in the EU. The guidelines were tested for three years in pan-European exercises organised by ENISA, which included Cyber Atlantic in 2011 and Cyber Europe in 2012.

EUROPE 11 OCT 2013

Debate emerges on EU cross-border data privacy breaches

The French government has reiterated its call for a European-level co-decision mechanism to be formed to protect EU citizens' privacy rights against potential abuses by online companies, but has found little support from other member states, AFP writes in Le Monde. Justice Minister Chistiane Taubira took her message to her counterparts at a European Council meeting in Luxembourg, seeking assurances that France's petition is not forgotten. Discussions centred on the creation of a single entity to monitor the

SWEDEN 27 AUG 2013

PTS says integrity breaches must be reported within 24 hours

Swedish postal and telecoms services regulator PTS said a new European regulation came into force on 25 August, requiring operators to report any breach of telecommunications integrity to PTS within 24 hours. PTS has brought in an electronic reporting service to facilitate this. It said operators must also report service incidents to affected customers, too. Members of the public are welcome to inform PTS of any adverse events, too.

EUROPE 20 JUN 2013

Google gets 3 months to comply with EU data privacy rules

French data protection agency Cnil has given Google three months to align its policies with French private data protection legislation or face fines of EUR 150,000 to 300,000 a day. The formal notice stems from a process started jointly by the data protection authorities of the 27 EU member states in October 2012 over the company's privacy policy. French regulator Cnil said in April that there had been no signs of change at Google. The UK, Netherlands, Germany, Italy and Spain will begin their own procedure

EUROPE 19 DEC 2012

EU to investigate Microsoft's use of personal data

EU privacy regulator Article 29 said it will review terms of use introduced by Microsoft in October that enable it to gather data on how customers use free services such as Bing, Windows Live and Hotmail. Citing sources in Brussels, The Financial Times reports that Article 29 wrote to Microsoft that changes to the services agreement and linked privacy policy affects many people in EU member states, given the wide range of services it offers. Microsoft said its privacy policies have not changed and that it

EUROPE 23 JUL 2012

EC opens consultation on open internet preservation

The European Commission launched a public consultation whose aim is to search for answers to questions on transparency, switching and certain aspects of internet traffic management, with a view to its commitment to preserve the open and neutral character of the internet. These questions have emerged as key issues in the 'net neutrality' debate that has taken place in Europe over the past years, including the recent findings of the Body of European Regulators of European Communications (BEREC). Input is soug

EUROPE 1 JUN 2012

EU warns Google to make changes to search results

European antitrust chief Joaquin Almunia has given Google until 2 July to offer changes in its search results and advertising rules or face the threat of being taken to court and paying potentially huge fines, The Guardian reported. Almunia wrote a private letter, explaining the European commission's concerns on how Google's dominance could be harming competition. The US and South Korea are also investigating whether Google is abusing its near-monopoly in search, while in Europe, accusations that it is inva

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.