Brussels, 20/01/2011 (Agence Europe) - The agency responsible for network and information security, ENISA, has published a report on data breach notifications. ENISA has studied the current situation and identified major concerns, both on the part of the telecommunications operators and the data protection authorities (DPA), stressing that the European DBN (data breach notification) requirements for the communications sector, set in place by the directive ePrivacy, are vital to increase the level of data security in Europe in the longer term. If the expectations of the DPA and the operators coincide, in that both recognise the important role of the DBN in the protection and confidentiality of data, there are still differences of opinions. The main concerns raised by the operators and the DPA relate to: 1) the prioritisation of risks: breaches should be categorised on the basis of their risk levels, to avoid “notification fatigue”; 2) channels of communication: the operators wish to be reassured that the notification requirements will not have any negative effects on their brands; 3) the application of the law: the data protection authorities stress that effective sanctions will allow them to enforce the rules much more easily; 4) excessive delays in reporting: whereas the regulators want to see short lead times to report breaches, the service providers would prefer to focus their resources on solving the problem; 5) the content of the notifications: the operators wish to ensure that this will not negatively affect relations with the client. The regulators, however, want all necessary information. (I.L./transl.fl)