Strengthening privacy in the digital age

Author (Person)
Series Title
Series Details 18.10.07
Publication Date 18/10/2007
Content Type

Viviane Reding, the European commissioner for the information society, will strengthen rules on digital privacy in a forthcoming review of EU telecoms legislation.

Currently, protection of digital data is regulated by the 2002 directive on privacy and e-communications. The law was introduced to set rules on confidentiality for movement of personal data via telecoms networks.

"The update will make security of networks a priority of EU telecoms regulation in future. There will be substantial changes to enable us to achieve this," says Martin Selmayr, Reding’s spokesman.

One of the main features of the update will be mandatory notification of security breaches which result in consumer data being ‘lost or compromised’. A preliminary draft of the updated directive says that consumers should be "informed about available/advisable precautions that they may take in order to minimise possible economic loss or social harm".

The provision could have a major impact on the current policies of so-called data controllers in business and government. "It will focus peoples’ minds on security issues and force them to tighten security," says Rosemary Jay, a partner at the Manchester office of Pinsent Masons, a UK law firm.

"People have an incentive for not notifying," says Ilias Chantzos, Brussels-based head of government relations at security software-maker Symantec. "The damage one suffers from a reputational standpoint is very high."

Security breaches involving consumer information have become a sensitive issue in the UK. The government’s revenue and customs department issued a public apology this month after a laptop containing consumers’ bank details was stolen from an official.

Earlier this year, the UK’s financial services authority (FSA) fined the Nationwide building society £980,000 (€1,408,000) for security breaches discovered during an investigation into the theft of a company laptop. An employee had stored details of nearly 11 million customers on his computer. The FSA found that Nationwide did not launch an investigation until nearly three weeks after the incident.

"The law will put pressure on business," says Jay. "There is certainly a view that this is a policy whose time has come." She warns, however, that standards will have to be proportionate. "How much will it cost business and what will be the benefits?" she asks. "It has to be useful. We shouldn’t just be causing anxiety."

Chantzos says that businesses will need guidelines on the type of information that should be notified. "You need to make sure you have appropriate standards in place whereby you notify breaches that are materially significant.

Viviane Reding, the European commissioner for the information society, will strengthen rules on digital privacy in a forthcoming review of EU telecoms legislation.

Source Link Link to Main Source http://www.europeanvoice.com