All the latest UK technology news, reviews and analysis

Breach notification laws get green light

by Dave Neal

10 Nov 2009

Be the first to comment

  • Tweet this
EU flag
The EU is introducing data breach notification laws for ISPs

The EU has announced that "nothing stands in the way" of its ePrivacy Directive, paving the way for stronger rules surrounding data breaches and other privacy issues.

The EU said that, since the telecoms reform package had been approved, any work left to do on its rules was just a formality, with the new ePrivacy Directive requiring compulsory adoption by member states within 18 months.

The 'formalities' required for the EU's formal adoption of the rules are expected to take just a few weeks, and once completed will tighten up rules surrounding security breaches, spyware, cookies and spam.

Under the new rules, if an ISP is involved in a data breach involving individuals' personal information, they will have to notify the people involved. The EU suggested likely scenarios including, "those where the loss could result in identity theft, fraud, humiliation or damage to reputation".

Other rules will ensure the 'reinforced' protection of communications, such as how and when cookies are installed on user machines, and the right to bring 'effective legal proceedings against spammers'. This last change will apply to both individuals and ISPs, the EU said.

European data protection controllers will also find their powers extended, and will be able to order that any breaches of their rules are immediately stopped, whether on their own shores, or cross-European borders.

Peter Hustinx, the European data protection supervisor, said, "I welcome the many improvements in the protection of privacy in the revised ePrivacy Directive. But it is now crucially important to broaden the scope of the security breach provisions to all sectors and further define the procedures for notification.

"Also, the new rules must be effectively enforced. I note in particular the emphasis on more effective enforcement of the rules on spyware and cookies. This has special relevance where privacy rights must be protected in relation to so-called targeted advertising."

Do you agree?

 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

34%

0%

11%

55%

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Symanteccloud

Social networking: a guide for IT managers

Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them

Riverbed

Mitigating the risks of IT change

The importance of understanding your infrastructure

Application Security SME, Penetration Tester / Ethical Hacker

Application Security SME, Penetration Tester / Ethical...

Java Developer

Java Developer Thomas Cook Online is the business unit...

Contract Systems Administrator, Windows £320 per day

Contract Systems Administrator, Southampton My...

PHP Web Developer, PHP, to £30k + 30% bonus

PHP Web Developer required to join my market-leading...

To send to more than one email address, simply separate each address with a comma.