1 The prospects of data breach laws in 18 European countries Stewart Dresner, Chief Executive, Privacy Laws & Business 11:30 a. m.11:30 a.m. Privacy in.

Slides:



Advertisements
Similar presentations
The European Law Students Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria ˙ Croatia ˙ Cyprus ˙ Czech Republic.
Advertisements

EU nationals and benefits Update on 2014 changes
Standing for trust and integrity OROC Congress Ethics and Accountability Lisbon, 22 October 2010 Hilde Blomme FEE Director of Practice Regulation.
Women on Boards in Europe – From a Snail’s Pace to a Giant Leap? EWL report on progress and gaps Seminar ‘Equal Rights, Equal Voices? Women in Decision-Making.
We’re here for you. “European Exchange of Best Practice in Arson Investigation and Prevention” European exchange of best practice in arson investigation.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
SEPA The Single Euro Payments Area January SEPA Single Euro Payments Area or Single European Payments Area *) A single market for payment transactions.
EP/Council Division of Power Commission proposes law, EP response based on one of three models: Co-decision (most issues, currently) – policy goes to EP,
Delegations ICM Cluj-Napoca, 20th April The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina.
Delegations III KAM, Bratislava 4th to 8th September 2013.
Knowledge Management LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.
Whistleblowing: An Alternative to Silence Zuzana Dančíková, Bratislava,
Institutional Visits IV KAM Prague, 3 rd to 7th September.
Delegations IV KAM Prague 3rd to 7th September 2014.
Institutional Visits ICM Cluj Napoca, 19 th to 26 th April 2015 Patrick Zischeck, Assistant for IV and SV.
SEMINAR ON LATE PAYMENT DIRECTIVE Pilar Perales Viscasillas University of La Rioja, Spain.
Institutional Visits III KAM, Bratislava 4th to 8th September 2013.
European Federation of Geologists Christian Boissavy, member of EFG Expert Panel on Geothermal Energy, France Herald Ligtenberg, EFG EU Delegate, the Netherlands.
Stanislaw Belniak Cracow University of Economics Covered Bonds as a Source of Financing Residential Properties in Poland Presentation at the ERES Conference,
Domestic work – a legislative frame in the EU? ETUC Seminar Brussels, April 2005 Wiebke Düvel European Trade Union Institute for Research, Education.
Development of Censuses in Europe and Development for EC Statistical Co-operation European Commission (Eurostat) Jurgen Heimann UNFPA/PARIS 21 International.
ELSA Law Schools ICM Cluj-Napoca, 21st April 2015.
SIS- Schengen Information System The Office for personal data protection.
Institutional Relations LXVI ICM Bodrum, 21st of October 2014.
1SEEurope network meeting April 2005 National transposition of SE legislation: an overview A preliminary report Lionel Fulton Labour Research Department.
Grants LXIV International Council Meeting 19th – 26th October, Bodrum Turkey.
OECD Short-Term Economic Statistics Working PartyJune Establishing guidelines for creating long time series for short-term economic statistics.
Meeting with the Romanian Motor Insurers’ Bureau Bucharest 19 th August 2004 Ulf Lemor.
Make it Smart&Creative ICM Cluj-Napoca, 21st April 2015.
Assistant Professor Nicoleta SIRGHI Assistant Professor Ioana VADASAN 1.
September Lobbying for health in the EU Andrew Hayes UICC/ECL EU Liaison Office Brussels.
Institutional Visit LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.
Retirement in Europe Annika Sundén Presentation at 16th Annual Meeting of the Retirement Research Consortium “Social Security and the Retirement Income.
Overview of different political party funding systems of Member States of the Council of Europe Overview of different political party funding systems of.
ELSA as the Franchise? LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.
ELSA Summer Law Schools IV KAM Prague, 3rd to 7th September 2014.
© Enterprise Europe Network South West 2009 The Eurostars Programme Kenny Legg R&D Funding for the Environmental Sector – 29 June 2010 European Commission.
Which role is yours? ADV and Promotion of ELSA projects/events LXIV International Council Meeting Opatija, Croatia October 28 th - November 3 rd 2013.
I will: Know how and why the EU was created. Understand the benefits of being part of the EU.
Promotion of AA Projects 2015/2016 ICM Batumi 18 th -25 th October 2015.
Delegations LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.
Information Security Systems Cost Effective Authenticity & Integrity in CEN/FISCALIS eInvoicing Good Practice Guidelines Nick Pope – Principal Consultant,
E u r o g u i d a n c e A Network of National Resource and Information Centres for Guidance Established in 1992.
E u r o g u i d a n c e A Network of National Resource and Information Centres for Guidance Established in 1992.
The 19 th of June 1990 : The Schengen Implementing Convention has been signed by : - Germany - Belgium - France - Luxembourg - Netherlands Calendar.
Computer Class – Summer 20092/21/2016 3:45 AM European Countries Albania Andorra Austria Belarus Belgium Bosnia and Herzegovina Bulgaria Croatia Czech.
The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria ˙ Croatia ˙ Cyprus ˙ Czech Republic.
Competitiveness in the Chocolate, Biscuit and Confectionery Industries in Europe David Zimmer Secretary General CAOBISCO.
11 Copyright Source Text EU Government Barometer Assessing progress on the FLEGT Action Plan commitments and EUTR across the EU 27 Beatrix Richards, Head.
Best Sustainable Development Practices for Food Security UV-B radiation: A Specific Regulator of Plant Growth and Food Quality in a Changing Climate The.
Findings on how the legal system addresses multiple discrimination in healthcare Erica Howard, Senior Lecturer in Law, Middlesex University.
Young People in Europe.
SAP Digital Business Services June 2016
European Union Duy Trinh.
General Data Protection Regulation
The Charles Hotel and Harvard Faculty Club
Managing Privacy in a Global Organization
The European Parliament – voice of the people
The European Parliament – voice of the people
The Charles Hotel and Harvard Faculty Club
Adult Education Survey
EU: First- & Second-Generation Immigrants
London Water Directors Meeting
The European Anti-Corruption Report
Cost Effectiveness Analysis Questionnaire Results
"Financing Natura 2000 Guidance and Workshops”
EU commission Rose, So Eun.
European Agency Statistics on Inclusive Education (EASIE) www
Presentation transcript:

1 The prospects of data breach laws in 18 European countries Stewart Dresner, Chief Executive, Privacy Laws & Business 11:30 a. m.11:30 a.m. Privacy in Transition: The International Perspective THE PRIVACY SYMPOSIUM - SUMMER 2008, HARVARD: PRIVACY IN TRANSITION August 18 th – 21 st 2008

2 Contents Introduction The research Results: DPAs’ views and preferred policies Advantages & disadvantages of a data breach law for DPAs, companies and individuals Common themes Recommendations by DPAs and companies Conclusions What next?

3 Introduction US data breach laws Have these US laws set a trend for Europe or are the current data protection laws sufficient? Have US laws played a role in helping raise awareness? DP and privacy laws in the EU and US cover data security – is there a need for specific provisions on action to be taken when personal data is lost or stolen?

4 Research Scope 27 EU member states All other countries within the European Economic Area: Norway, Iceland, Liechtenstein Switzerland Jersey, Guernsey, Isle of Man

5 Research Timeline January: Questionnaire by to DPAs Follow-up telephone calls and s Responses from: Czech Republic, Denmark, Finland, Guernsey, Hungary, Iceland, Ireland, Jersey, Slovak Republic, Sweden & United Kingdom EPON members’ survey and results February: Report in PL&B’s International newsletter March: Detailed report for DPAs and feedback April: Decision to pursue larger or more experienced countries and DPAs May: Responses from Italy, Spain, Portugal, Poland, Luxembourg, France and Belgium

6 Research Method responses from most countries. Face-to-face interviews (Italy, Portugal, Luxembourg) Telephone interviews (Jersey, Guernsey) Other Methods Survey distributed in Germany (Datenschutz Berater) National expert’s comments in Switzerland (David Rosenthal, Special Counsel, Member of IT & Telecommunications at Homburger, Zurich)

7 Current data breach laws Data protection legislation in all countries but no specific stand-alone piece of legislation governing a data breach Data breaches covered by data protection laws, criminal & civil codes and additional e-communication legislation General application of this legislation to the unauthorised access, loss or theft of personal information Catalogue of legislation covering general data security but no specific mention of action to be taken in the event of a data breach.

8 Demand for data breach laws Rising number of reported data breach incidents Hot topic for the media and growing political interest Differing pressures in different countries Trend for data controllers to contact the authorities where data has been inappropriately released Some DPAs aware of only a small number of organisations suffering data breaches No Europe-wide demand for a specific data breach law as current legislation is sufficient in some countries

9 Current law is sufficient to deal with this problem Denmark, Czech Republic, Hungary, France, Iceland, Spain, Switzerland No definitive answer as to whether or not their existing legislation is sufficient Slovak Republic, Belgium & Ireland Demand for data breach laws

10 DPAs’ views on purpose and scope of new data breach rules 1.Harmonisation within the EU and national implementation to reflect national needs 2.Any new data breach provisions to include both data controllers and data processors 3.Problems with breach notification in the US discourage Europe from following e.g. over- notification and inconsistency of reporting rules 4.Data breach provisions to cover both the public and private sectors 5.A ‘multi-prong strategy’ and strong intergovernmental links 6.Risks always attached to data processing

11 DPAs views on possible data breach laws 1 Agreement that some form of a data breach law would be a good idea. Three options or a combination: 1. Continue to insert data provisions into existing related legislation 2. Amend EU e-communications or general DP Directive 3. Practical Guidelines by the EU Art. 29 DP WP Arguments for and against separate piece of legislation One DPA suggested reasons for a separate data breach law: a vulnerable society is dependant on data security the need for building trust amongst data controllers

12 Some consistency is needed across Europe in this area (All) EU should regulate first (Guernsey) DPAs favouring amending their current data protection or other law to cover data breaches (UK, Jersey, Finland, Poland, Portugal, Luxembourg, Italy) DPAs views on possible data breach laws 2

13 DPAs’ Preferred Policies 1 1.More human and financial resources 2.Notification of data breaches. 3.Orders from DPAs to data controllers and processors to act in a specific way in response to a data breach. 4.Discretion to impose sanctions and appropriate fines 5.Compensation to individuals (in conjunction with civil law provisions) 6.Power to conduct audits when necessary

14 7. DPAs favouring new provisions covering both the public and private sectors (All) 8. DPAs favouring new provisions to cover both data processors and controllers (All DPAs apart from Ireland & Guernsey) 9. DPAs favouring companies notifying them of data breaches (UK,Jersey, Czech Republic, Guernsey, Ireland, Finland, France, Portugal, Luxembourg, Italy) 10. DPAs favouring companies paying compensation to individuals (Poland, UK, Finland, France & Italy) 11. DPA offering data breach guidance (UK) DPAs’ Preferred Policies 2

15 PL&B’s Conclusions The ‘ideal’ is a synthesis of DPAs’ and companies’ views which are also practical for data subjects. A data breach plan should be: proportionate an alert to a DPA when there is substantive rather than a procedural problem have more emphasis on a remedy to a problem, and less emphasis on sanctions

16 What next? EU Level 1.Extension of EU e-communications directive to include data breach legislation for ISPs, other sectors 2.Amend general EU DP Directive 3.Practical guidelines by the Article 29 Working Party National Level 1.Modest amendments to national laws e.g. Luxembourg amending DP code to include responsibilities of processors as well as controllers Company Level 1.Broader breach management programmes 2.Continuing improvement of internal systems e.g. reporting mechanisms

17 …and full report from Privacy Laws & Business Questions? Stewart Dresner, Chief Executive Privacy Laws & Business Monument House, 215, Marsh Road, Pinner, Middlesex, United Kingdom Telephone: + 44 (0)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.