Feeds

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

That way you won't need to tell subscribers you've lost their stuff - EU veep

Business security measures using SSL

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches.

The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with difficult-to-crack code then companies would not be required to tell the subscriber when a breach of their data has occurred.

Under the measures - which are separate from the European Commission's proposed rejig of the EU's data protection laws - Brussels' officials said they had clarified a general obligation for telcos to inform national watchdogs about an information breach, which has been in place since 2011.

It told telecoms outfits across the 27 members' state bloc to:

  • ■ Inform the competent national authority of the incident within 24 hours after detection of the breach, in order to maximise its confinement. If full disclosure is not possible within that period, they should provide an initial set of information within 24 hours, with the rest to follow within three days.

  • ■ Outline which pieces of information are affected and what measures have been or will be applied by the company.

  • ■ In assessing whether to notify subscribers (ie, by applying the test of whether the breach is likely to adversely affect personal data or privacy), companies should pay attention to the type of data compromised, particularly, in the context of the telecoms sector, financial information, location data, internet log files, web browsing histories, e-mail data, and itemised call lists.

  • ■ Make use of a standardised format (for example an online form that is the same in all EU Member States) for notifying the competent national authority.

The EC said it would be publishing "an indicative list of technological protection measures, such as encryption techniques, which would render the data unintelligible to any person not authorised to see it."

By encrypting the data, the Commission said the "burden" of companies having to inform national authorities about a breach would be lifted, because the subscriber's personal data would apparently be safeguarded.

"Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field," said Kroes.

The new rules have already winged their way through the European Parliament and the European Council, so the regulation does not need to be transposed into national legislation. The Commission added that it will come into force two months after publication in the Official Journal of the European Union.

ISPs in the UK might look on at Kroes' suggestion of encryption with interest, given the current palaver about spooks' internet surveillance in light of PRISM; not to mention the Home Secretary's torpedoed Communications Data Bill, which permitted the security services and the police to access sensitive subscriber data at will. ®

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.