On the 25 August 2013, the new rules setting out the circumstances in which Telcos and ISPs need to report personal data breaches, and the information they must share in those reports, came into effect. The Regulation sets out specific rules for the notification of data security breaches under the e-privacy Directive 2002/58/EC which was transposed into Irish law by Statutory Instrument No. 336/2011.  See my earlier blog for more information on the Regulation.

A secure online form is available, on the Data Protection Commissioner's website, for Telcos and ISPs to make the data security breach notification.  Click here to access the notification form and notes on how to complete same.