France enacts breach notification law for ISPs and telcos

Information Age, August 31, 2011

Electronic communication service providers operating in France must notify regulator and affected individuals in the event of a data breach. Internet service providers or telcos operating in France that suffer a data breach must notify the country’s data protection authority and any customers who may be affected, following an amendment to France’s Data Protection Act. A data breach is defined in the ordnance, announced last week, as “any security breach that accidentally or unlawfully results in the destruction, loss, alteration, disclosure or unauthorised access to personal data”.  French ISPs must inform customers of a breach if it is likely to impact their privacy or data protection. However, if the regulator – the Commission nationale de l’informatique et des libertés (CNIL) – believes adequate measures are in place to prevent this from happening, they will not have to inform customers. Providers that fail to comply with the new rules face up to five years in prison and a €300,000 fine.

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: