2 research outputs found
The tortoise shell Integrated Coastal Management in Galapagos
The current work aims to examine the legal framework for Integrated Coastal Management
for Archipelago de Galapagos. It examines the content of ICM at the internal level in order
to find if there is a standard for appropriate Integrated Management of Coastal Zones. Also
it aims to define whether the ratification of UNCLOS by the government of Ecuador
should affect the implementation of such framework
FROM RAISING BARRIERS TO RAISING ALARMS : A review of Data Breach notifications in the context of Information Security Provisions
ABSTRACT
The Directive 2009/136/EC required the implementation of a Personal data breach notifications regime. This notification is a complement to the already existing Information Security Provisions. Information Security traditional function is to prevent the unauthorized access or disclosure of personal data. As modern technology was adopted into the processing of personal data, the risks inherent to such technology threaten the personal data being processed. The responsibility was placed over the controllers and processors, but as data breaches were more commonly related to Identity theft cases, other measures were necessary to prevent the controller to remain silent if affected by a breach.
California was the first jurisdiction to implement a mandatory regime of personal data breach notifications. In Europe, Spain and Germany implemented such notifications before the reforms to the E-Privacy Directive where adopted. As this date Personal Data Breach Notification Provisions are mandatory throughout the territory of the EU.
These notifications have as main function to give notice to the data subjects about the occurrence of a data breach that affects or its believed have affected, their personal data. The providers of publicly available electronic communication services in the Telecommunication sector are the only controllers who are obligated to perform the notification to both the National Data Protection Authorities or to the data subjects.
The present thesis reviews these provisions and analyses them in the context of the information security measures provisions. Discusses the threshold for appropriateness and develop on the traditional function that the information security had: to prevent unlawful access to or disclosure of personal information.
Since the model of the notification provision resembles the one applied in California, reference to this framework will be made. Also the national provisions in Germany, Ireland, the United Kingdom and Spain will be taken as reference to compare the different approach that member states have taken to comply with the implementation of the reforms that unsaturated the notification regime. Finally, notes to consider for future reforms will be presented.