Dutch organisations are since January 2016 required to report data breaches to the Autoriteit Persoonsgegevens (the Dutch data protection authority), and, if relevant, to the data subjects affected. Data breaches are defined as events where access to data has been obtained falsely, or where data is published, adjusted or deleted without approval of the organisation. Data breaches have increased in numbers year by year, and can occur through technical reasons, or by taking advantage of the trust of people by showing knowledge of functions, culture and jargon.
In November 2016, Europol had a large data breach, where over 700 pages on terrorism investigations of Europol were discovered by Dutch television show Zembla. The data was brought home by an employee without permission, and copied to an unprotected personal hard drive connected to the internet. Measures had been taken by Europol to prevent a data breach. Was this enough? In this blog 10 measures every privacy aware CISO should take are presented.
With the measures above you have taken important steps to limit the risk of a data breach within your organisation. In our next blog we describe which steps you can take in case you are confronted with a data breach anyhow.