The Executive Director participated in a high-level panel at the European Data Protection and Privacy conference, subtitled 'Creating a modernized and harmonized regulatory framework', in Brussels on 30/11/2010, on the topic 'Data Breach Notification – time for mandatory notification requirements?'
The Executive Director, Dr Udo Helmbrecht, briefly outlined his main points before a public discussion and Q&As followed.
Please find two brief PPTs attached.
Background:
Art. 4 of the ePrivacy Directive (2002/58/EC) relates to personal data breaches. (Please differentiate this from the Agency's work related to security breaches, which is a different matter of wider scope, but also part of the updated Telecom package.)
Data breach notification laws often have a high level of success where they have been introduced. They encourage organisations to take a multi-layered approach to security in order to both secure information and protect their reputation.
Practical questions, however, arise regarding data breach notifications (DBNs). What constitutes a security breach? Should data breach notification laws be all-encompassing, or should exceptions be in place depending on the sector, or the type, of data concerned? Etc.
Participants: Other high-level panel participants included:
David Smith, Deputy Commissioner & Director of Data Protection, UK ICO
Jim Halpert, Partner - Communications, E-Commerce & Privacy, DLA Piper
Steve Kenny, Head of EU Privacy, eBay Inc.
Full agenda:
http://www.eu-ems.com/agenda.asp?event_id=62&page_id=426