The European Commission is holding a consultation until 9 September 2011 to compile opinion from European Union (EU) Member States, providers of electronic communications, national data protection authorities, consumer organisations and other interested parties on whether additional practical rules are needed to make sure that personal data breaches are notified in a consistent way across the EU.
The consultation is focused on three issues:
- Circumstances: how organisations comply, or intend to comply, with the new obligation under the telecoms rules; the types of breaches that would trigger the requirement to notify the subscriber or individual and examples of protection measures that can render data unintelligible
- Procedures: the notification deadline, the means of notification and the procedure for an individual case
- Formats: the contents of the notification to the national authority and to the individual, existing standard formats and the feasibility of a standard EU format.
In addition, the Commission wants to learn more about cross-border breaches and compliance with other EU obligations relating to security breaches.