ENISA proposals to bring providers in line with data protection laws

Category: Data destruction

29 August, 2012

The European Network and Information Security Agency (ENISA) has issued a series of proposals designed to bring online service and network providers in line with European data protection laws.

Outlined in the 'Cyber Incident Report in EU' document, the changes hope to prevent data breaches by extending the provisions outlined in the protection laws for telecoms providers.

Highlighting the importance of data destruction to limit the chance of breach, the reforms will require any company with a European presence to report a breach if it could harm a victim, but not if the data is "unintelligible", a.k.a, encrypted or hashed.

Telecom data protection laws also changed the e-Privacy directive, requiring providers to take appropriate technical and organisation measures to ensure security, notify personal data breaches to the national authority and subscribers and individuals concerned, and keep an inventory of personal breaches.

This has come about as a result of an observation that LinkedIn would not be required to report a breach if the definition of 'services' is not changed to fall in line with telecom provider regulations.

For peace of mind contact Kroll Ontrack; cost-effective and compliant end-of-life data erasure solutions.

Posted by Ceilidh Robertson