2008 October 22 - New Legal Requirements for the Electronic Communications Sector

Links

• Belgacom
• FITCE Europe

22/10/2008

New Legal Requirements for the Electronic Communications Sector: Security Breach Notification, Content Filtering and Data Retention
The report

On 22 October 2008 FITCE.be organised a workshop about “New Legal Requirements for the Electronic Communications Sector: Security Breach Notification, Content Filtering and Data Retention”. 
The workshop was hosted and sponsored by Belgacom. 
The three invited speakers were Anna Buchta, policy officer at the European Commission, DG Information Society and Media; John Jennings, company lawyer at CISCO (Kortrijk) and Luc Beirens, head of the Federal Computer Crime Unit of the Belgian Federal Police. 

Mrs Anna Buchta presented first a general overview of the proposed amendments to the regulatory framework on electronic communications. 
One of these amendments aims at introducing an obligation for electronic communications providers (operators, ISPs, etc.) to notify security breaches to the affected users and to the public authorities. 
Following the proposal of the European Commission this obligation is restricted to operators/providers of public electronic communications networks and services.
The European Parliament recently (September 2008) proposed to extend this obligation to “any undertaking operating on the Internet and providing services to consumers”. 
Mrs Buchta further explained an E.P. amendment requesting ISP’s to inform their subscribers and users about measures taken by themselves or by public authorities to restrict the dissemination of unlawful content via the Internet (e.g. illegal copies of copyrighted content). 
Finally Mrs Buchta commented on the proposals issued by the European Parliament with regard to “net neutrality” and to “net freedom”. 

Mr. John Jennings, currently a company lawyer at CISCO in Kortrijk but formerly working as a practicing lawyer in the U.S. (Kansas), was invited to explain the US experiences in the area of compulsory security breach notification. 
He provided the audience with an overview of the legislation enacted by various States (California, Arizona, Georgia, a.o). 
The overview illustrated that the introduction of a legal obligation to notify security breaches generates a large number of questions (such as: how to define a security breach, how to proceed for notification, possible actions by public authorities, etc.). 

After the coffee break, Mr. Luc Beirens, head of the Federal Computer Crime Unit of the Federal Police, informed the participants about the status of the Belgian implementation of the European directive on data retention. 
This directive introduces an obligation for operators and providers of public electronic communication networks to store traffic and location data exclusively for law enforcement purposes during a period with could reach 24 months. 
The obligation not only affects fixed and mobile telephone networks but also typical Internet applications such as e-mail and Internet telephony. 
Mr. Beirens explained the current status of the discussion on this issue in Belgium and transmitted the view of the law enforcement agencies in this area. Representatives of ISPs and other stakeholders in the audience expressed their concerns about issues such as the cost involved, the practical problems of implementation and in particular the duration of the retention period. 

All presentations generated a very lively interaction and discussion with the participants. Despite the fact that the topic of the workshop was focused on quite specific regulatory topics, it attracted a group of about 50 very interested and active participants. 
The discussions continued afterwards during a copious reception offered by Belgacom.

Presentations
Telecom Review
Security Breach
Data Retention

This event was sponsored by Belgacom 

>> back to list