Document details
Document title
New Approaches to Network and Information Security Regulation: The EU Telecoms Package
The ePrivacy Directive and the Framework Directive as amended by the EU Telecoms Package introduce, for the first time, obligations for providers of public communications networks and for providers of publicly available electronic communications services to notify certain personal data security breaches and certain network security breaches to subscribers, individuals concerned, and/or the competent national (regulatory) authority. This paper analyzes the conditions under which different types of security breaches will have to be notified and to whom this notification will have to be addressed. The paper will conclude with a risk-based assessment of these new security breach notification requirements, examining to what extent they not only allow users to take corrective security measures and regulators to make informed policy choices, but also to what extent the new policies address the fundamental problem of the misalignment of risk and risk mitigation capability.
Verlag Dr. Otto Schmitt
ISSN : ISSNNV : 1610-7608
Computer law review international Y. 2010, No. 2, pages 43-49 [7 pages] [bibl. : 50 ref.]
This document can be reproduced free for members of the CNRS community.
For members of communities outside the CNRS, the paid reproduction of this document is subject to the authorization of the Centre Français d’Exploitation du Droit de Copie (Copyright authorities).

To use our services (strictly reserved for members of the CNRS (National Center for Scientific Research), French Higher Education and Research and public sector communities in France and other countries):