Deadline: Friday 9 September 2011
Telecoms operators and internet service providers normally hold a range of data about their customers, such as name, address and bank account details, in addition to information about phone calls and internet connections. In general, providers are required by EU law to keep this data confidential and secure. However, sometimes the data can be stolen or lost, or someone could gain unauthorised access to the data. These cases are known as 'personal data breaches'. Under the revised ePrivacy Directive (2002/58/EC), when a personal data breach occurs, the provider has to report this to a specific national authority, usually the data protection authority or the communications regulator. Also, the provider has to inform the subscriber or individual directly if there is a risk to personal data or privacy.