September - 2009


Data breach notification in France

In order to entice data controllers to strengthen their security measures, the Legal Committee of the Senate recommends to introduce an obligation to notify security breaches.

The Legal Committee of the Senate(second house of the parliament) has ordered a report on the protection of privacy in the context of our society evolving more and more into a digital society. 

This very thorough and interesting 153 pages report includes 15 recommendations, one of which is to (recommendation n°11)  to create an obligation to notify security breaches. The report makes this recommendation although there hasn't been a major security breach disclosed in France, but it refers to examples of several data breaches scandals which occured in the UK and Germany (page 99) and to the legislative wave which took place in the US.  

The report recommends that the notification be made at least to the CNIL, instead of directly to individuals. The criteria and thresholds for notification still have to be determined.

<link www.senat.fr/rap/r08-441/r08-441-syn.pdf>www.senat.fr</link>;

The take away is that our MPs are now more aware and sensitized to e-privacy issues. They have finally entered the digital age. Now, for this recommendation to become law, we still need a stronger political will, which could  come from either the government or from a large number of MPs so that a bill be put on the agenda of the parliament.


Tags:


Links: