On February 5, 2014, the EU Member States, European Free Trade Association and the European Network and Information Security Agency issued Standard Operational Procedures to provide guidance on how to manage cyber incidents that could escalate to a cyber crisis.
Continue Reading European Member States and ENISA Issue SOPs to Manage Multinational Cyber Crises

On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union, which included a draft directive on measures to ensure a common level of network and information security across the EU.
Continue Reading European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

On April 6, 2011, the European Commission (“the Commission”) signed a voluntary agreement with private and public stakeholders to establish data protection guidelines for companies that use radio frequency identification device (“RFID”) technology within Europe.

The agreement, entitled “Privacy and Data Protection Impact Assessment Framework for RFID Applications” (the “Framework”) requires companies to conduct privacy impact assessments for all RFID applications they implement and to take measures to address identified data protection risks before those applications are deployed in the market.  Reports of the completed privacy impact assessments must be made available to the national data protection authorities.  The Framework, which was designed in close cooperation with the European Network and Information Security Agency after consultation with the Article 29 Working Party, provides the first clear, comprehensive methodology that can be applied across all industry sectors to assess and mitigate RFID-related privacy risks.  It is intended both to assure companies that their use of RFID technology is compatible with European data protection legislation, and to enhance privacy protections for European citizens and consumers.Continue Reading New EU Guidelines on RFID Technology to Address Data Protection Concerns

On February 18, 2011, the European Network and Information Security Agency published a report addressing security and privacy concerns associated with the use of cookies.

Continue Reading European Network and Information Security Agency Publishes Report on Cookies

On January 14, 2011, the European Network and Information Security Agency published a report compiling input on EU breach notification procedures provided by regulatory authorities, telecommunication service providers and legal and industry experts.

Continue Reading European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU