Abstract
This chapter sets out the context and aims of this book, namely the extent to which data security breaches play a role within a data protection context. It introduces and considers the notion of cybersecurity in the context of data protection.
It is all about trust and transparency
Cybersecurity Summit, London 2011
The debate is not security versus privacy. It’s liberty versus control
Bruce Schneier
Dr. Rebecca Wong—Lecturer at Nottingham Law School. She can be contacted at r.wong@ntu.ac.uk. Grateful acknowledgements to Dr Marco Roscini and anonymous reviewers for their insights and feedback into this field. Any errors or omissions remain with the author.
“Trust and security” were the words that resonated at the recent East West Institute Cyber Security Summit held in London in 2011 [1]. During discussion of the need for a Cyber Security Treaty, there was consensus amongst Government bodies and policy makers that cybersecurity was an issue that needed to be addressed. In support of a call for a Cybersecurity Initiative, the following (non-exhaustive) examples were given:
Is it acceptable for one country to attack another hospital’s database? How about the flight systems that support passenger planes in the air? [2]
Whilst these examples may seem remote, with culpability normally attributed to the individual(s) rather than to the collective responsibility of a State for its actions or inactions in the event of a cybersecurity breach, and with criminal sanctions imposed where appropriate (see the UK Computer Misuse Act, for instance), they are indicative of the concern about cybersecurity issues amongst experts, corporations and governmental officials around the world.
Discussion about data protection issues and their role arose very briefly. The Data Protection framework within Europe remains a key focal point in understanding how best to achieve a balance between an individual’s right to their privacy and the protection of the right to freedom of expression. Information security in the data protection context is more concerned with security breaches involving the loss of data held, for instance, on a CD or a database, resulting in calls from the Data Protection Regulatory Authorities (see UK ICO [3] as an example) for stronger legislative remedies for individuals to deal with Information Security setbacks (see UK ICO [3] and Germany [4, 5] as examples). (Footnote 1)
This SpringerBrief will consider the notion of cybersecurity in the context of data protection. By this, one is referring to “data breach notification and data security breaches”. This will be followed by a detailed analysis of data security provisions under the Data Protection framework by revisiting the background to the Data Protection Directive 95/46/EC and the Directive on Privacy and Electronic Communications 2002/58/EC (as amended by the Citizens Directive 2009/136/EC). The author will then consider the proposed data breach notification provisions introduced under the Data Protection Regulation in January 2012, the UK ICO’s response and the European Parliament’s proposed amendments, followed by a consideration of the Directive against Information system and the EU’s proposed draft of the Cybersecurity Directive introduced in January 2013, which is a significant development, and its shortcomings.
Notes
1. This compares with the opposite scenario where individuals willingly share their personal information with friends and colleagues on a public platform such as a social networking website with a different level of privacy expectation. This is not the focus of this chapter.
References
1. EastWest Institute (2011) The second worldwide cybersecurity summit. http://www.ewi.info/second-worldwide-cybersecurity-summit. Accessed 4 Dec 2011
2. EastWest Institute (2011) Protecting the digital economy: the first worldwide cybersecurity summit in Dallas. http://www.ewi.info/dallas
3. ICO (2013) Notification of data security breaches to the information commissioner’s office. http://www.ico.org.uk/~/media/documents/library/data_protection/practical_application/breach_reporting.ashx. Accessed 9 April 2013
4. Day J (2009) Germany strengthens data protection act, introduces data breach notification requirement. http://www.jonesday.com/germany-strengthens-data-protection-act-introduces-data-breach-notification-requirement-10-26-2009/. Accessed 26 October 2009
5. Hunton and Williams Privacy and information security blog (2011) German DPAs publish comprehensive FAQs on statutory data breach notification requirement. http://www.huntonprivacyblog.com/2011/05/articles/german-dpas-publish-comprehensive-faqs-on-statutory-data-breach-notification-requirement/. Accessed 31 May 2011
© 2013 The Author(s)
About this chapter
Cite this chapter
Wong, R. (2013). Introduction. In: Data Security Breaches and Privacy in Europe. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5586-7_1
DOI: https://doi.org/10.1007/978-1-4471-5586-7_1
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5585-0
Online ISBN: 978-1-4471-5586-7
eBook Packages: Computer Science, Computer Science (R0)