A French bill “to better guarantee the right to privacy in the digital age” has implemented the European Directive 2009/136/EC by requiring the data controller to inform the “Data Protection Correspondent” (a person within an organization who could be the controller or someone assisting the controller), or in the absence thereof, the French data protection authority (the Commission Nationale de l’Informatique et des Libertés), of a breach of integrity or confidentiality. Those involved in the breach must also be informed, at least if security breaches are “likely to adversely affect” their personal data. The bill follows the recommendation of the Directive to notify individuals of security breaches for all sectors, not just electronic communications. It was adopted by the French Senate on March 24, 2010 and is currently before the National Assembly.
(A French version of this article is also available at http://securitybreaches.wordpress.com/)
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.