Breach Notification

3 November 2017 at 10:21am
The Article 29 Working Party's draft guidance on Breach Notification under the General Data Protection Regulation (GDPR) provides welcome recognition of the need to do incident response and mitigation in parallel with any breach notification rather than, as I've been warning since 2012, giving priority to notification.
8 February 2016 at 11:21am
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
3 March 2016 at 3:42pm
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.
22 July 2016 at 8:56am
[UPDATE: the Directive has now been published, with Member States required to transpose it into their national laws by 9 May 2018]
14 April 2014 at 11:13am
At present only public telecommunications providers are required by European law to notify their customers of security breaches affecting their privacy, including breaches that the confidentiality, integrity or availability of personal data. In the UK the Information Commissioner has published recommendations on handling privacy breaches, including when to notify those affected.
3 March 2014 at 11:53am
The various committees of the European Parliament have now published their response to the Commission’s draft Network and Information Security Directive.
27 September 2013 at 5:51pm
The Department for Business, Innovation and Skills has published a summary of the responses to its consultation on the proposed EU Directive on Network and Information Security (NIS). Summarising that summary (!):
18 June 2013 at 3:17am
Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken.
20 February 2013 at 10:10am
ENISA’s Critical Cloud Computing report examines cloud from a Critical Information Infrastructure Protection (CIIP) perspective: what is the impact on society of outages or attacks? The increasing adoption of the cloud model has both benefits and risks.
7 February 2013 at 4:34pm
The European Commission’s Cyber Security Strategy aims to ensure that Europe benefits from a “robust and innovative Internet”. The Strategy has five priorities:
Subscribe to Breach Notification