Enisa Reviews Data Breach Notification Rules To Understand Concerns Of Telecom Companies

By Author: Peter Martin
Total Articles: 211
Comment this article

The recent years have witnessed steady increase in data breach incidents. Data breach may result from leakage of sensitive information by an employee, unauthorized access, human error, hacking attack and leakage of authentication details by a dealer or third party contractor. As data breach incidents may have severe implications on the privacy, credit situation and reputation of the affected parties, organizations are required to abide by the notification rules issued by regulatory authorities.
However, data breach notifications may also have adverse implications on the reputation of an organization. Usually, professionals with IT security certifications conduct investigation on the causes of the breach and initiate remedial measures before notifying the stakeholders. The European Network and Information Security Agency (ENISA) recently conducted a study to understand the concerns of telecom companies and data protection authorities in adhering to an ePrivacy directive of the European Parliament and council of European Union. The study assumes significance in the light of the recent data breach incidents at Telecom companies. ...
...

The concerns of telecom companies and data protection authorities relate to lack of risk prioritization, mode of communication, reporting deadlines and notification content among others. Prioritizing risk is crucial to devote adequate resources and initiating appropriate measures. Companies expressed concern on the possible adverse impact on their reputation on complying with data breach notification rules. While regulatory authorities stipulate shorter deadlines for data breach notifications, companies advocate initiating mitigating measures before reporting data breach incidents.

Lack of awareness among customers may cause undue alarm and panic among customers. Notification content assumes high significance in this context. Regulatory authorities and telecom companies must jointly undertake online computer training programs to create awareness on the possible threats, their likely implications, preventive and remedial measures to be adopted by the customers.

ENISA studied the best practices and experiences of other industries to understand preventive and corrective measures to be adopted in dealing with data breach incidents. The study attempted to understand the various perspectives of notification management within and outside the industry. The study may help regulatory authorities in coming up with an acceptable and effective notification rules. ENISA also plans to conduct a workshop for sharing ideas on data breach notifications.

Telecom companies at their end must conduct regular security appraisals through security specialists such as ethical hacker certified professionals to understand the possible threat vectors and initiate preventive action. They must also encourage safe IT practices among employees to promote IT security conscious culture in the organization and reduce data breach incidents.