Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

That way you won't need to tell subscribers you've lost their stuff - EU veep

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches.

The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with difficult-to-crack code then companies would not be required to tell the subscriber when a breach of their data has occurred.

Under the measures - which are separate from the European Commission's proposed rejig of the EU's data protection laws - Brussels' officials said they had clarified a general obligation for telcos to inform national watchdogs about an information breach, which has been in place since 2011.

The Commission told telecoms outfits across the 27-member-state bloc to:

  • Inform the competent national authority of the incident within 24 hours after detection of the breach, in order to maximise its confinement. If full disclosure is not possible within that period, they should provide an initial set of information within 24 hours, with the rest to follow within three days.

  • Outline which pieces of information are affected and what measures have been or will be applied by the company.

  • In assessing whether to notify subscribers (ie, by applying the test of whether the breach is likely to adversely affect personal data or privacy), companies should pay attention to the type of data compromised, particularly, in the context of the telecoms sector, financial information, location data, internet log files, web browsing histories, e-mail data, and itemised call lists.

  • Make use of a standardised format (for example an online form that is the same in all EU Member States) for notifying the competent national authority.

The EC said it would be publishing "an indicative list of technological protection measures, such as encryption techniques, which would render the data unintelligible to any person not authorised to see it."

By encrypting the data, the Commission said the "burden" of companies having to inform national authorities about a breach would be lifted, because the subscriber's personal data would apparently be safeguarded.

"Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field," said Kroes.

The new rules have already winged their way through the European Parliament and the European Council, so the regulation does not need to be transposed into national legislation. The Commission added that it will come into force two months after publication in the Official Journal of the European Union.

ISPs in the UK might look on at Kroes' suggestion of encryption with interest, given the current palaver about spooks' internet surveillance in light of PRISM; not to mention the Home Secretary's torpedoed Communications Data Bill, which permitted the security services and the police to access sensitive subscriber data at will. ®
