RD358 - ETNO Reflection Document - Response to the public consultation on the ePrivacy Directive: circumstances, procedures and formats for personal data breach notifications
Data breach notification systems must remain valuable for end-users and excessive notifications, without due cause, must be avoided. “Undue delay” in notification to individuals should be the shortest period possible but it may not be appropriate to define a specific timeframe in legislation. Standardized notification forms may be useful when notifying authorities. However, flexibility around communicating with subscribers/individuals should be allowed.
Executive Summary:
- Data breach notification systems must remain valuable for end-users and excessive notifications, without due cause, must be avoided. It is important that end-users do not lose confidence in telecommunication services.
- “Undue delay” in notification to individuals should be the shortest period possible but it may not be appropriate to define a specific timeframe in legislation. Notification of an incident to national authorities can, however, occur at the early stage of the process.
- Standardized notification forms may be useful when notifying authorities. However, flexibility around communicating with subscribers/individuals should be allowed as there are differences according to the type of emergency, technical complexity and the number of persons to be contacted.