Time and again, we have been educating you about the stringent data breach laws that are being brought into practice by governments of various countries. Our goal is to create awareness about the changes in the IT security system and the precautionary measures that you need to take in order to control them. Talking about laws, the United States has been a key driver for such laws and is followed closely by the UK. This time our discussion spans the whole of Europe, where organizations in the telecom sector are apparently worried about a soon-to-be-implemented law involving data breach notification.
What is ENISA?
To get started, let us first understand what ENISA is. ENISA stands for European Network and Information Security Agency. ENISA is primarily the cyber security agency of the European Union. Its mission is to achieve a high and effective level of Network and Information Security within the European Union.
ENISA’s Report about Data Breach Notifications
On 14th of January 2011, i.e. exactly a week ago, ENISA released a new report about data breach notifications in Europe. The report is two-fold and addresses the following aspects:
1. The key concerns of the telecom operators (via a representative sample of companies)
2. Issues raised by data protection authorities (via interviews of DPAs)
In the wake of recent breach incidents in Europe, the law is absolutely critical to reassure citizens that their data is protected by e-communications operators.
What is the Data Breach Law then?
This security breach notification law forces companies that have lost customers’ or employees’ personal data to announce the data loss across Europe.
Eduardo Ustaran, head of the privacy and information law group at law firm Field Fisher Waterhouse (FFW), said, “The law will be introduced under an amendment to the 1995 EU Data Protection Directive, which is currently being reviewed by the EU Commission.” Ustaran further added, “All of the European data protection regulators have made very strong calls for this mandatory breach notification.”
The Executive Director of the Agency, Prof. Udo Helmbrecht, commented: “Gaining and maintaining the trust of citizens that their data is secure and protected is an important factor in the future development and take-up of innovative technologies and online services across Europe.”
Back-tracking the Data Breach Notification Law
In the UK, the data-protection regulator is the Information Commissioner’s Office. Data breach notification laws started in California and have spread over most of the USA and into Europe, where national data protection laws have been in place since 1973. Data security remains just one element of their comprehensive coverage. In the United Kingdom, the data-protection regulator has the power to fine organisations for breaching data protection laws and has first fined Hertfordshire County Council and the employment services company A4e.
Part 11 of the Anti-Terrorism, Crime and Security Act 2001 contains a number of sections which deal with the retention of communications data by fixed line and mobile telephone service providers and internet service providers.
Data Breach History in EU
More than 1,000 security breaches involving the loss of confidential customer data have been reported in the UK to date. According to the Information Commissioner’s Office’s figures, this list is topped by the NHS, which has reported 305 breaches since November 2007.
ENISA data-breach expert Sławomir Górniak said, “Every day there seems to be headlines that personal data has been leaked, that someone has found a laptop on a train.” Measures such as encryption can mitigate the risk. “If you lose a laptop, and it’s encrypted, and you have the keys, then this is not a data breach,” he added.
Organisations must provide clear assurance to customers that their private data will not be leaked and that the software and security functions used to protect privacy are up to date.
How Alertsec Xpress Would Have Helped
To stay secure and protect your data from breach incidents, it is vital to use data security/recovery software. In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.