News

French CNIL Issues Data Security Tips

20 October 2009
Image
Image

On October 12, 2009 the CNIL issued ten recommendations for companies to help protect their data.  The recommendations are fairly basic, ranging from implementing a rigorous password policy to ensuring that only authorized personnel have access to the company’s computer room.  The recommendations have an important pedagogical role, however, and illustrate that the CNIL is broadening its scope of focus from its traditional role of defining under what conditions personal data can be processed in France to dealing with the results of that processing,  in particular focusing on the prevention of data breaches.

For those familiar with the security recommendations issued by ENISA, the European Network and Information Security Agency, the CNIL’s recommendations may seem quite rudimentary in comparison.   ENISA has issued a number of detailed recommendations on data security, and it is unfortunate that the CNIL did not refer to the excellent ENISA work in this area.   See, for example, ENISA’s 2009 papers "10 Security Awareness Good Practices" and "Information Security Awareness in Financial Organizations – Guidelines and Case Studies."   However, the CNIL’s recommendations may only be a first step, and it will be interesting to see whether the CNIL’s guidance evolves as concern about data breaches continues to grow. 

 

Authored by Winston Maxwell

Contacts

bio-image

Eduardo Ustaran

Partner

location London

View more

Related topics

Related countries

Load more

Related keywords

Load more

Articles you may be interested in

image_1
Insights and Analysis

End-to-end encryption: obstacle or pillar of national security?

07 April 2025
image_1
News

Latombe Case: First hearing for annulment of the EU-U.S. Data Privacy Framework

02 April 2025
image_1
News

Connected vehicles: CNIL’s consultation promotes driver’s consent over fraud and car theft

01 April 2025
image_1
News

Streamlined BCR approval: Understanding the EDPB's updated procedure

31 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | What it means for connected products and related services

27 March 2025
image_1
News

Overview of the CNIL’s enforcement actions in 2024: the simplified procedure generates an increase in sanctions

25 March 2025
image_1
News

Gender and GDPR: does the right to rectification override civil registry records?

25 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | Impact on cloud providers and cloud users

20 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | What you need to know

13 March 2025
left_arrow
right_arrow

View more insights and analysis

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
See benefits
Register