France’s New Breach Notification Requirements
Maryanne Stanganelli reports:
On May 28, 2012, the French data protection regulator (CNIL) released new guidance on breach notification laws. The guidance regards a 2011 ordinance that recently came into force on April 1. Among other things, the ordinance amends existing French data protection law (Law on Information Technology and Liberties (78-17 of 1978)) to reflect the EU e-Privacy Directive’s (2009/136/EC) breach notification requirement for ISPs and others.
The Guidance provides that the ordinance applies to e-communication service providers, including ISPs and mobile phone operators, that are registered with the French Authority for Regulation of Electronic Communications and Posts (ARCEP). It does not yet apply to online banks, e-commerce sites or other “information society” services.
Read more on Data Privacy Monitor.