Shostack + Friends Blog Archive


"Handling Security Breaches Under European Law"

In a comment on “What’s Next in Breach Analysis,” Ian Grigg pointed out the very interesting “Handling Security Breaches Under European Law:”

There are as yet no direct equivalents of the mandatory security breach reporting legislation we have seen in the U.S., either at a European Union level or within Europe itself. That is not to say there is no law on the reporting of breaches in Europe. While a number of countries have been looking at the increasing number of security breaches, in the main the response has been to use existing privacy legislation to take action.


In Norway, the unauthorized disclosure of personal data must be reported to the Datatilsynet, but not to the data subject. Section 2-6 of the Norwegian Personal Data Regulations provides…

So…does Norway have a Freedom of Information act?

One comment on ""Handling Security Breaches Under European Law""

Comments are closed.