On 25 August 2013, new rules setting out the circumstances in which Telcos and ISPs need to report personal data breaches, and the information they must share in those reports, came into effect. The Commission Regulation sets out specific rules for the notification of data security breaches under the e-privacy Directive 2002/58/EC, which was transposed into Irish law by Statutory Instrument No. 336/2011. See our Client Bulletin of 2 July 2013 for more information on the Regulation.

A secure online form is available, on the Data Protection Commissioner's website, for Telcos and ISPs to make the data security breach notification.

Click here to access the notification form and guidance notes on how to complete same.