Posts relating to requirements to notify security breaches
I’ve been pointed to an interesting article by Alexis Madrigal about the work of Helen Nissenbaum, an American philosopher who has been looking at what “privacy” actually means, and what sort of things cause us to feel that our privacy has been invaded. A lot of discussion (and most of EU data protection law) assumes […]
The European Commission, Parliament and Council of Ministers have been discussing revisions to the package of Telecoms Directives for a couple of years, but now seem to be approaching a final conclusion. Once the new Directives are published, member states will have a fixed time period – normally 18 months – in which to implement […]
I’ve just sent in a Janet Submission to the Ministry of Justice’s Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for Internet Identifiers: still no clarity on when IP addresses etc. are personal data, but at least more realistic […]
In dealing with breaches of privacy the Commission’s enthusiasm to protect and reassure Internet users seems to run the risk of having the opposite effect. Article 4(9) of the proposed Regulation defines ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, […]
Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There’s a lot in the proposal so this post will just […]
Earlier this year the European Community revised its regulatory framework for telecommunications networks, so the UK Government is now consulting on how to implement those changes in UK law. Although most of the changes are not relevant to JANET as a private network, I have responded in three areas: Data breach notification, where the UK […]
The Ministry of Justice has been seeking evidence to inform its input into the ongoing revision of the European Data Protection Directive (95/46/EC). I’ve submitted a JANET response, covering three issues where we frequently trip over problems with either the interpretation or the use of the current Directive and the Data Protection Act 1998 that […]
Regulators and governments are moving towards creating a requirement that anyone who suffers a security breach affecting personal data would have to report it. A number of American states already have such laws, the recent revision of the European Telecoms Framework Directive introduced a breach notification requirement for telecoms providers and the Commissioner has stated […]
Further to my last posting on breach notification, my attention has been drawn to a recent (22nd October 2009) draft text of the proposed Directive to amend the EC telecoms directives. As an amendment to the existing Directive 2002/58/EC the new proposals would apply in the first instance only to public telecommunications networks and services. […]