The European Network and Information Security Agency (ENISA) released a report with technical recommendations for the implementation of article 4 of Directive 2002/58/EC of the ePrivacy Directive, including the notifications on data breaches in the electronic communications sector.
The document aims to make specific recommendations for the implantation of security requirements and to provide guidelines on the following points:
- appropriate technological and organizational measures, listed in the directive, especially on the ''data unintelligibility'';
- detection and assessment of personal data breaches and, in particular, a methodology to evaluate the impact and severity of personal data breaches detected;
- procedures to notifying competent authorities and individuals (content, timing and communication channels).
The report notes that the introduction of a European requirement for notification of data breach for the communications sector represents an important development to increase the level of data security in Europe and promote public confidence.
Consult:
- Recommendations for the technical implementation of the Article 4 of the ePrivacy Directive https://www.anacom.pt/render.jsp?contentId=1113253
Further information:
- Data breach notifications http://www.enisa.europa.eu/act/it/risks-and-data-breaches/dbn
Related information on ANACOM's website:
- Directive 2002/58/EC of the European Parliament and of the Council, of 12.07.2002 https://www.anacom.pt/render.jsp?contentId=985319
