Telcos and ISPs Prepare For New Data Breach Disclosure Rules

Storetec Services Limited

Telecoms operators and internet service providers (ISPs) will no doubt be busy getting their houses in order this week as they prepare for the introduction of new regulations requiring mandatory disclosure of personal data breaches. The European Union is bringing the rule into effect on Sunday (August 25th 2013) as part of an extension to the 2009 E-Privacy Directive. It means that all such companies in Europe will have to notify national authorities if any theft, loss or unauthorised access of their customers' personal information occurs.


That information includes emails, calling data and IP addresses, and the notification must contain details including the timing of the breach, the data involved and whether or not anyone will be negatively affected by it. Companies will also need to outline what is being done to address the problem. However, if the telecoms providers can demonstrate to regulators that the "technological protection measures" in place mean the breached data is "unintelligible to any person who is not authorised to access it", they will be able to avoid the next step, which is notifying the individual customers.


The European Commission has published a list of the measures it considers suitable for making personal data unintelligible, and the exemption means that encryption and online hosting from third parties could become ever more important in the future as firms seek to protect what they store. Not everyone is pleased with the new development, with Stewart Room from law firm Field Fisher Waterhouse saying he thinks the regulations requiring businesses to report data breaches within a day are "controversial".


He told Computer Weekly: "It is hard to detect a substantive logic to this measure and, in more practical terms, it is hard to see why such rapid disclosure is needed." But technology law specialist Luke Scanlon of Pinsent Masons said in an article for Out-Law.com that the decision is likely to relate to the possibility of the same laws being brought in for all kinds of companies under the Draft Data Protection Regulation, something that was proposed last year.


"It may be that the commission intends to evaluate the impact that a 24-hour notification period will have on these types of organisations. If the evidence suggests that the notification requirement may not be as burdensome as some have suggested in terms of cost and administration for organisations subject to these requirements, the commission may feel that it has a solid basis upon which to push forward with its proposal," he pointed out. This is something that has been campaigned against by Information Commissioner Christopher Graham, who said in a speech at Infosecurity Europe 2012 that it would result in the Information Commissioner's Office (ICO) being "buried" under a mountain of emails and telephone calls detailing data breaches, Computer Weekly reported.


He also insisted that the current system of voluntary disclosure works well because there is no temptation for companies to cover them up. However, it may be that something does need to be done to ensure that businesses are not taking unnecessary risks or just being careless with personal information, particularly since so much of it is being stored electronically these days. Indeed, the ICO reported earlier this month that carelessness with data is still one of the main reasons for it to get lost or fall into the wrong hands.


Sally-Anne Poole from the governing body said 'disclosed in error' covers "everything from emails being sent to the wrong people to information erroneously included in freedom of information responses". Whether your business is in the telecommunications sector or not, it is essential to have good data management practices in place. Proof of this may be essential soon too, if the same rules are brought in for other sectors as for ISPs and telcos. If you're in need of some help with storage, encryption or any similar issues, get in touch with Storetec today for professional, efficient help and a great, effective solution.


Storetec News/Blogs. "http://www.storetec.net/news-blog/telcosand-isps-prepare-for-new-data-breach-disclosure-rules/" 'Telcos and ISPs Prepare For New Data Breach Disclosure Rules'. Aug 20, 2012. Storetec.

