• About CSIA
  • Mission Statement
  • Committees
  • CSIA Team
  • CSIA Offices
• Board Members
• Events
  • CSIA Events
  • Industry / Gov't Events
  • Member Events
• Member Directory
• Newsletters
  • Current Issue
  • Archive
  • Sign Up
• Testimonials
• Join CSIA

CSIA 2007 EU Priorities

Strengthen security provisions in the EU e-privacy directive concerning electronic communications by introducing data breach notification obligations and minimum security requirements for electronic communication providers

The EU is currently reviewing the EU regulatory framework for electronic communications of which the e-privacy directive is a part. The European Commission has already indicated that it would like to enhance the security provisions of the e-privacy directive as current provisions are not deemed sufficient. Currently, there is no obligation to notify in case of a security breach. Although the directive does stipulate that electronic communication providers must notify in case of a risk of a breach, with networks being under constant risk of a breach, this provision has never been adhered to. The scope of the e-privacy directive is limited to electronic communication network providers.

By introducing data breach notification and minimum security measures obligations, electronic communication network providers will be obliged to take security more seriously resulting in a more secure electronic environment with all related benefits (increased consumer confidence in the on-line world, economic gains, etc.). Once these requirements have been adopted in this context, CSIA will make it its mission to broaden the requirements for data breach notification and minimum security measures to any entity holding sensitive personal information.

Provide input and expertise to EU initiatives in the area of critical infrastructure protection.

What is the issue?

The European Commission put forward in December of last year its proposal for a European Programme for critical infrastructure protection. The objective of the programme is to enhance European cooperation and protection of European critical infrastructures. Work will be done on a sector by sector basis, following identification of priority sectors by the European Commission. It is expected that ICT will be one of the first priority sectors.

Why is it important?

Critical information infrastructures are critical for the continued and efficient functioning of services across Europe. CSIA members have extensive expertise in this area as well as an interest to ensure that EU initiatives take account of existing best practices and lessons learned in other countries and regions.