Brussels, Monday 26 October 2009

Stakeholders discuss how to respond to data breaches at EDPS-ENISA seminar (Brussels, 23 October 2009)

On 23 October, the European Data Protection Supervisor (EDPS), in cooperation with the European Network and Information Security Agency (ENISA), organised a seminar entitled "Responding to data breaches". The seminar, which was mainly aimed at data controllers and data security practitioners, was attended by more than 80 participants.

Introduced by keynote speeches from Supervisor Peter Hustinx, Commissioner Viviane Reding and ENISA Executive Director Udo Helmbrecht, the discussions offered an opportunity to explore the challenges related to the main steps of the data breach life cycle: prevention, management and notification.

The debates at the seminar highlighted the need for data controllers, together with other stakeholders, to adopt proper risk management in order to appropriately mitigate the risk of such breaches. It was stressed that this will not only require technological solutions but also organisational measures, including increasing the responsibility of the highest management levels of entities concerned. They should also promote the development of adequate safeguards and facilitate a more transparent distribution of responsibilities.

Although the obligation to notify breaches will soon be introduced in the so-called "e-Privacy Directive" as part of the reformed telecoms package, the seminar acknowledged that society's increasing reliance on information and communication technologies means that the data breach phenomenon already goes far beyond the electronic communications sector. In that sense, the Commission emphasised that, in close consultation with the EDPS and other stakeholders, it would consider going a step further than the revised e-Privacy Directive to extend the debate to generally applicable breach notification requirements and work on possible legislative solutions.

A brief report of the seminar will be published on the EDPS website shortly. The EDPS will continue to closely monitor the regulatory developments in this field and will provide specific and appropriate opinions as he sees fit.

