Breach Notification

3 November 2017 at 10:21am

Article 29 WP draft on Breach Notification

Andrew Cormack
Data Protection Regulation
incident response
Breach Notification
GDPRtopics
The Article 29 Working Party's draft guidance on Breach Notification under the General Data Protection Regulation (GDPR) provides welcome recognition of the need to do incident response and mitigation in parallel with any breach notification rather than, as I've been warning since 2012, giving priority to notification.
Read more
8 February 2016 at 11:21am

Breach Notification and the GDPR

Andrew Cormack
Data Protection Regulation
Breach Notification
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
Read more
3 March 2016 at 3:42pm

GDPR - the final text?

Andrew Cormack
Data Protection Regulation
incident response
Access Management
Cloud computing
Breach Notification
ePrivacy Directive
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.
Read more
22 July 2016 at 8:56am

Network and Information Security Directive - nearly done

Andrew Cormack
Cybersecurity Directive
NIS Directive
Breach Notification
incident response
Cloud computing
[UPDATE: the Directive has now been published, with Member States required to transpose it into their national laws by 9 May 2018]
Read more
14 April 2014 at 11:13am

Reducing the Impact of Privacy Breaches

Andrew Cormack
Privacy
Breach Notification
Data Protection Regulation
Cybersecurity Directive
eSignature Directive
At present only public telecommunications providers are required by European law to notify their customers of security breaches affecting their privacy, including breaches that the confidentiality, integrity or availability of personal data. In the UK the Information Commissioner has published recommendations on handling privacy breaches, including when to notify those affected.
Read more
3 March 2014 at 11:53am

EU Parliament committees on Network and Information Security

Andrew Cormack
Breach Notification
Cybersecurity Directive
incident response
The various committees of the European Parliament have now published their response to the Commission’s draft Network and Information Security Directive.
Read more
27 September 2013 at 5:51pm

Draft Network and Information Security Directive: consultation summary

Andrew Cormack
Breach Notification
Cybersecurity Directive
incident response
The Department for Business, Innovation and Skills has published a summary of the responses to its consultation on the proposed EU Directive on Network and Information Security (NIS). Summarising that summary (!):
Read more
18 June 2013 at 3:17am

Uncertainty, Risk Assessment and Breach Notification

Andrew Cormack
Breach Notification
Data Protection Regulation
incident response
#firstcon13
Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken.
Read more
20 February 2013 at 10:10am

Critical Cloud Computing

Andrew Cormack
Cloud computing
Breach Notification
Cybersecurity Directive
ENISA’s Critical Cloud Computing report examines cloud from a Critical Information Infrastructure Protection (CIIP) perspective: what is the impact on society of outages or attacks? The increasing adoption of the cloud model has both benefits and risks.
Read more
7 February 2013 at 4:34pm

EU Cyber Security Strategy

Andrew Cormack
incident response
Breach Notification
CSIRT
Cybersecurity Directive
The European Commission’s Cyber Security Strategy aims to ensure that Europe benefits from a “robust and innovative Internet”. The Strategy has five priorities:
Read more
Subscribe to Breach Notification