Feeds

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

That way you won't need to tell subscribers you've lost their stuff - EU veep

Boost IT visibility and business value

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches.

The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with difficult-to-crack code then companies would not be required to tell the subscriber when a breach of their data has occurred.

Under the measures - which are separate from the European Commission's proposed rejig of the EU's data protection laws - Brussels' officials said they had clarified a general obligation for telcos to inform national watchdogs about an information breach, which has been in place since 2011.

It told telecoms outfits across the 27 members' state bloc to:

  • ■ Inform the competent national authority of the incident within 24 hours after detection of the breach, in order to maximise its confinement. If full disclosure is not possible within that period, they should provide an initial set of information within 24 hours, with the rest to follow within three days.

  • ■ Outline which pieces of information are affected and what measures have been or will be applied by the company.

  • ■ In assessing whether to notify subscribers (ie, by applying the test of whether the breach is likely to adversely affect personal data or privacy), companies should pay attention to the type of data compromised, particularly, in the context of the telecoms sector, financial information, location data, internet log files, web browsing histories, e-mail data, and itemised call lists.

  • ■ Make use of a standardised format (for example an online form that is the same in all EU Member States) for notifying the competent national authority.

The EC said it would be publishing "an indicative list of technological protection measures, such as encryption techniques, which would render the data unintelligible to any person not authorised to see it."

By encrypting the data, the Commission said the "burden" of companies having to inform national authorities about a breach would be lifted, because the subscriber's personal data would apparently be safeguarded.

"Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field," said Kroes.

The new rules have already winged their way through the European Parliament and the European Council, so the regulation does not need to be transposed into national legislation. The Commission added that it will come into force two months after publication in the Official Journal of the European Union.

ISPs in the UK might look on at Kroes' suggestion of encryption with interest, given the current palaver about spooks' internet surveillance in light of PRISM; not to mention the Home Secretary's torpedoed Communications Data Bill, which permitted the security services and the police to access sensitive subscriber data at will. ®

Boost IT visibility and business value

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Speak your brains on SIGNAL-FREE mobile comms firm here
Is goTenna tech a goer? Time to grill CEO, CTO
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.