• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

New European Data Breach Rules for Telcos and ISPs

September 11, 2013 By Kimberly Peretti

On August 25, 2013, a new European Regulation came into effect that changed and expanded upon the breach notification procedures set forth in the E-Privacy Directive (2002/58/EC). The Regulation outlines two independent notification obligations: (1) notification to the relevant national authority within 24 hours after detection of a personal breach where feasible; and (2) notification to affected individuals when the personal data breach is likely to adversely affect the personal data or privacy of a subscriber or individual without undue delay. Notification to subscribers or individuals is not required if the provider has encrypted the data or otherwise rendered it unintelligible. While the E-Privacy Directive and the Regulation applies only to “providers of publicly available telecommunication services,” such as telecommunication companies, ISPs, and email providers, these new requirements have generated and will continue to generate broader interest because of similar language incorporated into the draft General Data Protection Regulation 2012, which applies to all businesses that handle personal data.

We are glad to feature a summary of the new requirements of the Regulation on our blog, written by Ruth Boardman, Ariane Mole, and Gabriel Voison of Bird & Bird LLP.

The views and opinions expressed in the summary of the new requirements of the Regulation are solely those of the author(s). They are not necessarily representative of the views of Alston & Bird LLP or Bird & Bird. The materials on this blog and the summary of the new requirements of the Regulation are provided for informational purposes only and do not constitute legal advice. Please contact any member of the Alston & Bird’s Privacy & Security team if you are seeking legal advice.

Written by Kimberly Peretti, Partner, Security Incident Management & Response Team | Alston & Bird LLP

Filed Under: Cybercrime, Cybersecurity, Data Breach, International, Legislation, Privacy, Security Breach

About Kimberly Peretti

Kim is a former DOJ cybercrime prosecutor and former director of PwC’s cyber forensics group. She has over 20 years of experience in cybercrime, data breach response, and cybersecurity and delivers top-of-the-line cyber risk management and information security counsel to her clients. Kim is co-lead of our Cybersecurity Preparedness & Response Team.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
  • Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
  • Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK
  • UK ICO Publishes New Data Sharing Code
  • SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy