Posts Tagged ‘European Network and Information Security Agency’

European Data Breach Law is a Worry for Telecom Companies

January 21st, 2011

Time and again, we have been educating you about the stringent data breach laws that are being brought into practice by governments of various countries. Our goal is to create awareness about the changes in the IT security system and the precautionary measures that you need to take in order to control them. Talking about laws, the United States has been a key driver for such laws and is followed closely by the UK. This time our discussion spans the whole of Europe, where organizations in the telecom sector are apparently worried about a soon-to-be-implemented law involving data breach notification.

What is ENISA?

To get started, let us first understand what ENISA is. ENISA stands for European Network and Information Security Agency. It is primarily the cyber security agency of the European Union. Its mission is to achieve a high and effective level of network and information security within the European Union.

ENISA’s Report about Data Breach Notifications

On 14 January 2011, exactly a week ago, ENISA released a new report about data breach notifications in Europe. The report is two-fold and addresses the following aspects:

1. The key concerns of the telecom operators (via a representative sample of companies)
2. Issues raised by data protection authorities (via interviews of DPAs)

In the wake of recent breach incidents in Europe, the law is absolutely critical to reassure citizens that their data is protected by e-communications operators.

What is the Data Breach Law then?

This security breach notification law forces companies that have lost customers’ or employees’ personal data to announce the data loss across Europe.

Eduardo Ustaran, head of the privacy and information law group at law firm Field Fisher Waterhouse (FFW), said, “the law will be introduced under an amendment to the 1995 EU Data Protection Directive, which is currently being reviewed by the EU Commission”. Ustaran further added, “All of the European data protection regulators have made very strong calls for this mandatory breach notification”.

The Executive Director of the Agency, Prof. Udo Helmbrecht, commented: “Gaining and maintaining the trust of citizens that their data is secure and protected is an important factor in the future development and take-up of innovative technologies and online services across Europe.”

Back-tracking the Data Breach Notification Law

In the UK, the data-protection regulator is the Information Commissioner’s Office. Data breach notification laws, which started in California, have spread over most of the USA and into Europe, with national data protection laws already in place since 1973. Data security remains just one element of their comprehensive coverage. In the United Kingdom, the data-protection regulator has the power to fine organisations for breaching data protection laws, and it first fined Hertfordshire County Council and employment services company A4e.

Part 11 of the Anti-Terrorism, Crime and Security Act 2001 contains a number of sections which deal with the retention of communications data by fixed line and mobile telephone service providers and internet service providers.

Data Breach History in EU

More than 1,000 security breaches involving the loss of confidential customer data have been reported in the UK to date. According to the Information Commissioner’s Office’s figures, this list is topped by the NHS, which has reported 305 breaches since November 2007.

ENISA data-breach expert Sławomir Górniak said, “Every day there seems to be headlines that personal data has been leaked, that someone has found a laptop on a train”. Measures such as encryption can mitigate the risk. “If you lose a laptop, and it’s encrypted, and you have the keys, then this is not a data breach,” he added.

Organisations must give customers a clear assurance that their private data will not be leaked and that the software and security functions used to protect privacy are kept up to date.

How Alertsec Xpress Would Have Helped

To stay secure and protect your data from breach incidents, it is vital to use data security and recovery software. In an incident which highlights the need for such software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


United Kingdom Tops Cyber Security

March 18th, 2010

The whole internet community of the UK would be extremely glad to hear that the United Kingdom’s practices in cyber security have been found to be reasonable and adequately equipped to deal with cyber security threats and other vulnerability attacks.

The report was released by a House of Lords committee. The House of Lords EU community report looked at how the United Kingdom has geared up its defence mechanisms in cyberspace. In addition, the UK has been praised for its security effort: the report says that the nation leads every other EU country and that its benchmarks are unmatched and should be adopted by others in the fraternity.

Along with the encouragement, the UK has also been advised to organize training sessions focused on cyber security. In addition, the report has suggested the inclusion of the US and NATO.

The report has also criticized ENISA, the cyber security agency of the European Union, for its location. The agency is located on the small Greek island of Crete.

According to the report, “We are convinced that the decision to site ENISA at Heraklion was not taken on the basis of a careful cost/benefit analysis, and it has led and continues to lead to problems over the recruitment and retention of staff, and over the scheduling of meetings.”

In a statement, Lord Jopling, chairman of the sub-committee, said: “We believe strongly that the government and the EU should be giving greater attention to how cyber-security could be developed on a global basis. The internet has no borders, and it is important that any proposals from the EC are considered in a global context. A first step must be better cooperation with NATO. The EU and NATO have similar interests in defence against cyber-attacks and work in similar ways, yet there is virtually no communication between them. There must be cooperation rather than duplication. Further to this, broadening the dialogue with other major international players, such as the US, Russia and China, will be essential if we are to become more robust in our defences against cyber attacks.”

Stay a front-runner in Cyber Security

Choose Alertsec’s Security Products right now

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Check out our convenient and cost-effective computer security software for Windows 2000, XP, Vista and 7.
