Advanced Search

Guidelines On Implementation Of The Framework Sullacomunicazione Of Personal Data Breaches. (Resolution No. 221).

Original Language Title: Linee guida in materia di attuazione della disciplina sullacomunicazione delle violazioni di dati personali. (Deliberazione n.221).

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
The authority for the protection of personal data at today's meeting, in the presence of Dr. Antonello Soro, President, dott.ssa Augusta Iannini, dott.ssa Giovanna Bianchi Clerici, the vice President and prof.ssa Licia Califano, components and Dr. Joseph Busia, Secretary General; Having regard to the personal data protection code (Decree legistativo June 30, 2003, n. 196, hereinafter the ' code '), and in particular art. 32-bis; Having regard to Directive 2002/58/EC of July 12, 2002, the European Parliament and the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications); Having regard to Directive 2009/136/EC of November 25, 2009 of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users ' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws; Having regard to Directive 2009/140/EC of November 25, 2009 of the European Parliament and of the Council amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to electronic communications networks and associated facilities, and 2002/20/interconnection of, and EC on the authorisation of electronic communications networks and services; Having regard to the Legislative Decree May 28, 2012, n. 69 «changes to Legislative Decree June 30, 2003, no. 196, containing personal data protection code in 2009/136/EC directives on the processing of personal data and protection of privacy in the electronic communications sector, and 2009/140/EC on electronic communications networks and services and Regulation (EC) no 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws "(published in the official journal May 31, 2012 # 126); Having regard to the Legislative Decree May 28, 2012 # "changes in Legislative Decree 70 1 St August 2003, n. 259, establishing a code of electronic communications in 2009/140/EC directives relating to electronic communications networks and services, and 2009/136/EC on the processing of personal data and protection of privacy "(published in the official journal May 31, 2012, # 126); Considered it necessary to provide initial guidelines and instructions concerning new reporting obligations on the providers of publicly available electronic communications services to the public in cases of personal data breach, as expressly provided for by art. 32-bis, paragraph 6, of the code; Detected an opportunity that the prescription of certain measures, the State identified in the UK document, to be preceded by a public consultation, directed specifically to these suppliers in order to gain additional feedback on the adequacy of the same requirements, as well as on its implementation mode, also because of the possible cases that constitute in the meantime; Having regard to the observations of the Office, made by the Secretary-General in accordance with art. 15 of Regulation No 1/2000; Speaker dr. Antonello Soro;
Resolution: pursuant to arts. 154-bis, paragraph 6 and 32, paragraph 1, lett. c) of the code: a) to adopt the UK document, containing "guidelines for the implementation of the regulations on communication of personal data breaches, which forms an integral part of this resolution (annex 1).
b) to launch a public consultation on the application mode specified in points 4.2, 7.1, 7.2 and 7.3 of the document referred to in point a), reserving the right to intervene on the same also in the light of the results of the comments received. These observations and comments can be received, within a period of 90 days from the publication of this resolution, to the address of the authority of Piazza di Monte Citorio n. 121, 00186 Rome, or to the following e-mail address: consultazionedatabreach.gpdp.it The present deliberation will be posted on the sponsor's website www.gpdp.it and will be forwarded to the Ministry of Justice with a view to its publication in the official journal of the Italian Republic by the Office publishing laws and decrees. Roma, July 26, 2012 President and Rapporteur General Secretary Soro Busia