"The privacy watchdog for EU institutions has called for a planned requirement for telecoms companies to publish details of information security breaches to be extended to banks, businesses and medical bodies.
The European Commission has proposed a data breach notification law which would force telecoms companies to tell customers when personal information had been lost. The requirement was among other proposed changes to the Privacy and Electronic Communications Directive published last autumn.
The European Data Protection Supervisor (EDPS) has said that if the proposal is designed to help prevent identity theft it must be extended to include banks, businesses and others.
"While the EDPS is pleased with the security breach notification system … he would have favoured their application at a wider scale to include providers of information society services," said the EDPS's response. "This would mean that online banks, online businesses, online providers of health services etc would also be covered by the law."
- introducing mandatory notification of security breaches resulting in users’ personal data being lost or compromised;
- strengthening implementation provisions related to network and information security to be adopted in consultation with the Authority;
- strengthening implementation and enforcement provisions to ensure that sufficient measures are available at Member State level to combat spam;
- clarifying that the Directive also applies to public communications networks supporting data collection and identification devices (including contactless devices such as Radio Frequency Identification Devices);
- modernising certain provisions that have become outdated, including the deletion of some obsolete or redundant provisions.
Some clarity is further given under the proposals over the use of spyware:

However, other than this, it should be noted that this can easily be removed by anti-spyware software (see this article) and the stopbadware project.