
French CNIL Issues Data Security Tips

20 October 2009

On October 12, 2009, the CNIL issued ten recommendations for companies to help protect their data. The recommendations are fairly basic, ranging from implementing a rigorous password policy to ensuring that only authorized personnel have access to the company’s computer room. The recommendations have an important pedagogical role, however, and illustrate that the CNIL is broadening its focus from its traditional role of defining under what conditions personal data can be processed in France to dealing with the results of that processing, in particular the prevention of data breaches.

For those familiar with the security recommendations issued by ENISA, the European Network and Information Security Agency, the CNIL’s recommendations may seem quite rudimentary in comparison. ENISA has issued a number of detailed recommendations on data security, and it is unfortunate that the CNIL did not refer to the excellent ENISA work in this area. See, for example, ENISA's 2009 papers "10 Security Awareness Good Practices" and "Information Security Awareness in Financial Organizations - Guidelines and Case Studies." However, the CNIL's recommendations may only be a first step, and it will be interesting to see whether the CNIL's guidance evolves as concern about data breaches continues to grow.
