ENISA, the European Union’s “cyber security” Agency, today launched a report recommending that all authorities should better promote cryptographic measures to safeguard personal data.
The report addresses ways to protect sensitive and/or personal data that has been acquired legitimately. The clear link between privacy and cryptography is underlined, demonstrating how the latter can play a role in protecting personal data and safeguarding legitimately collected sensitive or confidential data.
The report presents a mapping of security requirements for personal data and basic cryptographic techniques. It is noteworthy that information security measures and mechanisms can be deployed for the protection of personal data. However, information security does not cover all the issues regarding personal data protection and privacy.
Indeed, personal/sensitive data requires different protection measures in different stages of the lifecycle. Therefore, the report presents a short version of such a lifecycle description. The report also identifies security measures and provides an introduction to basic cryptographic techniques.
The report is complemented with a set of technical recommendations for algorithms, key sizes, parameters and protocols. The target audiences of these recommendations are system developers and maintenance engineers in commercial environments who are faced with the need to deploy or replace protective measures for data.
Amongst the top three findings and recommendations are:
- Cryptographic measures are only one piece of the puzzle when it comes to privacy and data protection. However, they can provide an important layer of protection for data, which may reduce the impact of breaches. The relevant stakeholders (Data Protection Authorities, EU Member States authorities, and service providers) should recommend that users and others implement security measures for protecting personal data, and should rely on state-of-the-art solutions and configurations for this purpose.
- All these stakeholders could use, as a reference, the technical cryptographic measures and recommendations proposed in another recent ENISA study, addressed to decision makers and specialists.
- Specialised personnel are needed for the correct implementation of updated cryptographic protective measures.
The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “Cryptography is an ancient way to secure data, which still is valid today to protect personal data online.”
For the full reports: Recommended cryptographic measures - Securing personal data & Algorithms, Key Sizes and Parameters Report
Background: Commission Regulation No 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy and electronic communications
For interviews: Ulf Bergström, Spokesman, E-mail: ulf.bergstrom[at]enisa.europa.eu, mobile: + 30 6948 460 143, or Rodica Tirtea/Stefan Schiffner, Expert, sta[at]enisa.europa.eu