Telecommunication companies and Internet providers must ensure the maximum protection of personal data. Pursuant to the new obligations there will be an obligation to inform end-users of serious cases of data breach which may result in loss, destruction or the undue distribution of data.

Due to the execution of the European Directive in relation to security and privacy in the electronic communications sector, recently recognised by Italy, the Privacy Garante Authority provided an initial set of guidelines by which the telecommunication companies and suppliers of Internet access services shall be obliged to follow and inform (as well as to Privacy Garante) also the end-users of the data breach that their data base could suffer as a result of cyber attacks, or other adverse events such as fire or disaster.

The guidelines used by the Privacy Garante establish; who must undertake and fulfill a communication obligation, which cases trigger the obligation to inform end-users, the forms of technical and organisational security to use in order to inform the Authority and the users of the data breach, the time limits and contents of such communication. In order to harmonise the procedures and arrangements concerning communication, the Authority has commenced a public consultation to acquire information and opinion from telephone companies and ISP’s in order to evaluate the identified measure.

For more information please go to: indicazioni-del-Garante-della-Privacy