European Data Protection Digest

ICO Releases PECR Notification Guide

DATA PROTECTION—UK

September 19, 2013

The UK Information Commissioner’s Office (ICO) has released a new 13-page guide to public electronic communication service providers to help explain when such companies are obligated to report personal data breaches, Out-Law.com reports. Telecoms would be required to submit monthly reports to the ICO laying out all the security breaches sustained. This ICO did say such reports could be disclosed under Freedom of Information Act requirements. "Strictly speaking, PECR (Privacy and Electronic Communications Regulations) does not require this monthly return," the ICO said. "However, we believe that this remains a useful exercise as it will demonstrate that service providers are monitoring their security properly and taking their responsibilities seriously. If we do not receive a monthly return from a service provider, this may trigger further investigation."
Full Story