PUBLIC RECORDS - ICO Releases PECR Breach Notification Guide
"The reports that telecoms companies will have to submit to the Information Commissioner's Office (ICO) containing details of data breaches may be disclosed under freedom of information (FOI) laws. The ICO has issued new guidance to public electronic communication service providers that explains when those companies are obliged to report personal data breaches to it after new EU data breach rules affecting such providers came into force. Under the guidance, telecoms companies would be required to submit a monthly report to the ICO detailing all the security breaches they have experienced. The Privacy and Electronic Communications Regulations (PECR) already required telecoms companies to keep a log of personal data breaches, complete with details on the facts surrounding the breach, the effects of the breach, and remedial action taken, and it is this log that the ICO is seeking be reported every month. ""Strictly speaking, PECR does not require this monthly return,"" the ICO said. ""However, we believe that this remains a useful exercise as it will demonstrate that service providers are monitoring their security properly and taking their responsibilities seriously. If we do not receive a monthly return from a service provider, this may trigger further investigation."""