Regulatory Developments

The Commission’s proposed Data Protection Regulation seems very positive for Incident Response. Indeed Recital 39 explicitly supports the work of Incident Response Teams:
The processing of data to the extent strictly necessary for the purposes of ensuring network and information security … by public authorities, Computer Emergency Response Teams … providers of electronic communications networks and [...]

Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There’s a lot in the proposal so this post will just [...]

As well as looking at some of the legal issues around sharing information among incident response teams, earlier this month I was invited by the Janet’s Portugese equivalent, FCCN, to talk on the practical issues at their national CERTs conference in Lisbon. I was one of three speakers on the topic: since the others work [...]

Statewatch have published what appears to be a leaked draft of Commission ideas for revised data protection legislation. All the legal commentary I’ve seen suggests that in its current form it’s very unlikely to become law, but as no one is suggesting that it isn’t a genuine Commission document I thought it was worth a [...]