» ISP News » 
Sponsored Links

EU Impose New Personal Data Rules on UK Phone and Internet Providers

Tuesday, Jun 25th, 2013 (1:30 am) - Score 618

The European Commission (EC) has this week implemented new rules to help telephone and broadband providers (ISP) know what to do when their customers’ personal data is either lost, stolen or otherwise compromised. But companies that encrypt your data won’t have to tell you if it’s been stolen.

Internet providers typically hold a range of personal details about their customers, such as names, addresses, bank details, website visits, phone usage and so forth. Data like this could easily be abused by criminals, if it got into the wrong hands, and as a result it’s important to keep it all secure.

Related companies already have a general obligation to inform national authorities and subscribers about breaches of personal data, although the new measures are an attempt to clarify some rules and standardise the approach.

Neelie Kroes, EC Vice-President, said:

Consumers need to know when their personal data has been compromised, so that they can take remedial action if needed, and businesses need simplicity. These new practical measures provide that level playing field.”

The Key Rules

• Companies must: Inform the competent national authority of the incident within 24 hours after detection of the breach, in order to maximise its confinement. If full disclosure is not possible within that period, they should provide an initial set of information within 24 hours, with the rest to follow within three days.

• Companies must: Outline which pieces of information are affected and what measures have been or will be applied by the company.

• In assessing whether to notify subscribers (i.e. by applying the test of whether the breach is likely to adversely affect personal data or privacy), companies should pay attention to the type of data compromised, particularly, in the context of the telecoms sector, financial information, location data, internet log files, web browsing histories, e-mail data, and itemised call lists.

• Companies must: Make use of a standardised format (for example an online form that is the same in all EU Member States) for notifying the competent national authority.

However the EC also wishes to “incentivise companies” to encrypt personal data and as a result any company that applies this would apparently be “exempt from the burden of having to notify the subscriber because such a breach would not actually reveal the subscriber’s personal data“. We can see why they’d take this stance but at the same time we still think that subscribers’ should be informed; nothing remains 100% secure forever.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
Gift: None
Shell Energy UK ISP Logo
Shell Energy £26.99
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
Gift: None
Community Fibre UK ISP Logo
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
Gift: None
BeFibre UK ISP Logo
BeFibre £21.00
Gift: £25 Love2Shop Card
Hey! Broadband UK ISP Logo
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (5582)
  2. BT (3533)
  3. Politics (2554)
  4. Openreach (2312)
  5. Business (2284)
  6. Building Digital UK (2253)
  7. FTTC (2050)
  8. Mobile Broadband (1991)
  9. Statistics (1800)
  10. 4G (1681)
  11. Virgin Media (1640)
  12. Ofcom Regulation (1473)
  13. Fibre Optic (1406)
  14. Wireless Internet (1401)
  15. FTTH (1382)

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact