Data Protection – Self Regulation

The European Commission (“EC”) published a Communication (2006) 251 (“the Communication”) in relation to a strategy for a Secure Information Society entitled "Dialogue, partnership and empowerment". The Communication is aimed at Governments, agencies and the private sector. It deals specifically with the requirement for increased information security in the wired world, the greater need to communicate good security management practices, and the need to control security breaches in order to maintain consumer confidence.

The EC is hoping to encourage private sector stakeholders to take steps:

  • To develop the allocation of roles and responsibilities in respect of information security in relation to software producers and internet service providers;
  • To publish information security policies, procedures and practices;
  • To promote information security training in relation to employees;
  • To promote diversity, openness, interoperability, usability and competition as the catalyst for information security in addition to stimulating the deployment of security enhancing products;
  • To strive for more affordable security certification schemes for products and services especially in terms of privacy protection; and
  • To work with the insurance sector to develop appropriate risk management tools and methods for managing information security.


Comment: The US has legislation in place in a number of States in relation to breaches of information security.  Reading between the lines, we seem to be heading in the direction of self-regulation.

Please contact us for assistance in your data protection enquiries at [email protected]

 

© RT COOPERS, 2006. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.