In its "Privacy and Information Security Law" blog, the Hunton and Williams law firm announced that the German government has proposed a new data breach notification law:
"... telecommunications companies must report data breaches to the Federal Network Agency (the Bundesnetzagentur or “BNetzA”), and the Federal Commissioner for Data Protection and Freedom of Information. In the event the rights or protected interests of subscribers or other persons are affected by the data breach, such individuals also must be notified without undue delay."
While the notification of affected consumers is not required if the data is encrypted, the BNetza retains the right to require any telecommunications companies to notify consumers regardless of the data security protections in place at the time of the breach.
The new breach notification rules are part of broader changes under the European e-Privacy Directive, scheduled to go into effect in May of 2011. Other changes in these new European Union directives include tightened rules about how companies treat, collect consumers' data, and obtain consent with consumers' web browser cookies.