The CNIL (National Commission for Information Technology and Civil Liberties) will tackle the phenomenon of data leaks in France. As part of the publication of its "new strategic plan", the authority explains that it wants to fight against the "theft of personal data, particularly banking or health data" in France.
As the CNIL points out, last year was particularly catastrophic for the digital lives of the French. Dozens of brands, companies and government entities were victims of a cyberattack that resulted in a leak of sensitive data. This compromised information poses serious threats to a large part of the French population. By tapping into information circulating on black markets, such as the essential BreachForums, cybercriminals can orchestrate phishing attacks or identity theft.
More controls and sanctions
To stem the explosion of cyberattacks and online scams, the CNIL wants to ensure that French people's data is properly secured by companies. With the support of entities such as the National Agency for the Security of Information Systems (ANSSI), the CNIL will verify that "companies take appropriate protective measures and will raise awareness among individuals of the risks so that they are better protected against the consequences of cyber threats".
This is why the administrative authority will "increase control operations following data breaches". These checks must ensure that companies affected by cyberattacks have taken adequate measures
With this in mind, the CNIL had also taken the time to inspect Free's premises last year. Xavier Niel's operator was in fact the victim of a computer intrusion that resulted in the theft of data from nearly 20 million subscribers, including bank details, including the famous IBAN. It is still unknown whether the CNIL has detected any shortcomings at Free.
A coordinated repressive action
In any case, the authority grants itself the right to sanction negligent companies. As explained in the strategic plan, the CNIL wants to set up an effective "repressive action" with the help of other competent authorities in cybersecurity.
The regulator aims to "reassess the CNIL's recommendations on security" based on the results of the checks carried out and the notifications of data breaches". The checks will not only aim to sanction companies that have been negligent in protecting their users' data. The operations must also help the CNIL to improve the relevance of its requirements.
Finally, the data policeman is committed to supporting companies and other organizations in improving their security mechanisms. As part of this approach, the CNIL will develop "adapted educational resources", "encourage technological approaches that promote the protection of privacy" and "promote virtuous cybersecurity solutions".
In its strategic plan, the CNIL does not exclusively address data theft. The regulator also indicates that it is looking into the rise of AI. The authority intends to "clarify the legal framework on AI", in particular by promoting French positions to European authorities, and to raise awareness among the general public.
Source: CNIL
0 Comments