Farid Bouguettaya | Information Security Breaches & The Law

Categories
Categories
Pages
Andreas Leupold Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Héctor Guzmán Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United Kingdom United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
January 2020

M T W T F S S

« Sep

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31
Blogroll (recommended reference websites)

January 2020
M	T	W	T	F	S	S
« Sep
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

Posted by "Security Breaches" Administrator on February 23, 2011 · 3 Comments

"Grillage gelé" (Photo by "Photophilius"; shot on Dec. 13, 2008). Available at http://www.flickr.com/photos/30254220@N04/3116313871/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Network and Information Security Agency has recently published a report on data breach notifications in the European Union. ENISA surveyed data protection authorities, telecommunications regulatory authorities and telecom operators from different countries in the EU, but also from other non-EU countries such as the United States.
Using the various stakeholders’ responses, the report helps understand the practices and challenges of the future mandatory data breach notification regime, and aims to assist public authorities and private organizations in the EU as they implement data breach notification policies by providing a set of recommendations.
(Résumé aussi disponible en français)

Rate this:

Category Cédric Laurant, English, Europe, European Union, Farid Bouguettaya, Non-EU, Outlines, Reports & Surveys · Tagged with "Telecom Package", Article 29 Data Protection Working Party, best practices, black lists, breach mitigation measures, data breach, data breach inventory, data breach notification, data breach notification policy, data breach notification procedures, data breaches, data ombudsman, data protection, data protection officer, data security, data security breaches, deterrence measures, ENISA, EU Directive 2002/58/EC, EU Directive 2009/136/EC, EU Directive 95/46/EC, EU e-Privacy Directive, EU Regulation 460/2004/EC, European Commission, European data protection authorities, European Data Protection Supervisor, European Network and Information Security Agency, financial sector, fines, Germany, guidelines, healthcare sector, Information Commissioner Office (UK), information security, information security policy, Internet service providers, media exposure, monetary penalties, negative publicity, Norway, personal data, publicly available electronic communications services, regulatory authorities, Royal Decree (No. 1720/2007) (Spain), security document, Spain, technical implementing measures, telecommunications operators, telecommunications sector, Turkey, undue delay, United Kingdom, United States

La CNIL publie son premier guide sur la sécurité des données

Posted by "Security Breaches" Administrator on November 15, 2010 · Leave a Comment

"La sécurité" - Photo by Boris Drenec (2008). Shot on March 3, 2008. Available at http://www.flickr.com/photos/_boris/2360263645/in/pool-632629@N22/ (Creative Common "Attribution-NonCommercial-ShareAlike 2.0 Generic" license.)

La CNIL vient de publier son premier guide pratique sur la sécurité des données. Cette publication s’inscrit dans un mouvement plus général en Europe qui tend à renforcer le niveau de sécurité des données personnelles en prévoyant l’obligation de notifier les violations de sécurité. Dans ce cadre, la CNIL invite à un audit des systèmes d’information, à une évaluation des risques, et explique en 17 fiches pratiques les éléments essentiels et solutions techniques pour garantir la sécurité des données. Les entreprises procédant à des traitements de données à caractère personnel pourront utiliser ce guide afin de se conformer à l’obligation de sécurité prévue par la Directive “Données personnelles” et par la loi Informatique et Libertés. Ce guide sera d’une grande utilité pour les responsables de traitements, directeurs de systèmes d’information et CIL qui souhaitent améliorer la sécurité des traitements de données dans leurs entreprises.

Rate this:

Category Cédric Laurant, Comments, Europe, European Union, Farid Bouguettaya, Français, France, Outlines, Posts (Practical guides) · Tagged with anonymisation, archivage, audit des systèmes d’information, authentification, évaluation des risques, charte informatique, chiffrement, CIL, CNIL, Commission nationale de l’informatique et des libertés, correspondant "informatique et libertés", cryptage, directeurs de systèmes d’information, Directive 95/46/CE, données à caractère personnel, droit de la protection des données à caractère personnel, engagement de confidentialité, gestion des flux de données, gestion des risques, habilitations, loi "Informatique et libertés", mots de passe, notification des violations de securité, obligations en matière de sécurité, quizz sécurité, sécurité des données, sécurité des systèmes d’information, sécurité des traitements de données, sécurité des traitements de données a caractère personnel, sensibilisation des utilisateurs, solutions techniques, systèmes d’information, traitements de données à caractère personnel, Union européenne, vie privée, violation de données à caractère personnel, violations de sécurité

Read this website in your language!

--> Click here to translate
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
adequate level of data protection América Móvil anonymization Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil) Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules brechas de seguridad Bundesdatenschutzgesetz California Office of Privacy Protection California Security Breach Notification Act Californie CIL cloud computing CNIL Code des postes et des communications électroniques Commission nationale de l’informatique et des libertés confidentiality confidentialité des données contractual clauses correspondant "informatique et libertés" cybersecurity Código de Defesa do Consumidor (Brasil) dados pessoais damage to reputation data breach data breaches data breach notification data controller data loss data protection Data Protection Authority data protection by default data protection law data protection officer data security data security breaches data subject datos personales Directive 95/46/CE Directive 2009/136/CE Directive 2009/140/CE données à caractère personnel Düsseldorfer Kreis encryption ENISA Estados Unidos EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Network and Information Security Agency European Union external audit externalisation failles de sécurité falhas de segurança fallas de seguridad Farmacias San Pablo fuga de datos fuga de información German Federal Data Protection Act Germany Google hackeo hacking IaaS IFAI Information Commissioner’s Office information security Informatique en Nuage Instituto Federal de Acceso a la Información y Protección de Datos integrity intimidade IT security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) LFPDPPP LinkedIn loi "Informatique et libertés" loi no. 78-17 du 6 janvier 1978 medidas de seguridad México notificación de brechas de seguridad notificación de vulneraciones de seguridad notification des violations de securité obligations en matière de sécurité PaaS personal data plan de continuidad de negocio Privacidade privacy privacy by design Proteção de Dados Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) responsable du traitement responsables de traitement de données RLFPDPPP SaaS Safe Harbor Framework Safe Harbor self-certification security breach security breaches security breach notification self-regulation sensitive information sensitive personal information sécurité des données technical and organizational measures technological protection measures Telcel TV Azteca Union européenne United Kingdom United States US Federal Trade Commission vie privée violaciones de seguridad violations de sécurité vulnerability vulneración de datos personales vulneración de seguridad
Blog Tweets (last 5)
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #biometric #privacy - Tweeted 5 days ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa #privacy - Tweeted 1 week ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa - Tweeted 2 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight - Tweeted 3 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #privacy #ransomware - Tweeted 1 month ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Information Security Breaches & The Law

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

Rate this:

La CNIL publie son premier guide sur la sécurité des données

Rate this:

Read this website in your language!

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Blog Tweets (last 5)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats