Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • D A T Green
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Tony Curzon-Price
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina James
    • Maria Constantin
    • Sophia Yakhno
    • Rachael Machado
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers

February 6, 2023By Preiskel & Co

On 20 January 2023 the UK’s Information Commissioner’s Office (“ICO”) published a statement regarding the obligations then in place for public electronic communications service providers (“CSPs”) under Regulation 5A of the Privacy and Electronic Communications Regulations 2003 (“PECR”). The statement proposed the termination of the 24-hour data breach regime (which required CSPs to notify the ICO within 24 hours of becoming aware of a personal data breach). The statement is in line with the ICO25 – the ICO’s three-year plan proposal to reduce data protection compliance burdens and costs for businesses.

Following feedback received, the ICO removed the statement while it reviewed the feedback.

On 2 February 2023, the ICO issued another statement setting out its view regarding the regulatory burden on CSPs in meeting the short 24-hour reporting deadline in circumstances where the incidents being reported are unlikely to result in any risk to individuals’ rights and freedoms.

The ICO confirmed that going forward it will use its discretion not to take enforcement action and potentially issue a monetary fixed penalty of £1,000 against CSPs under Regulation 5C PECR if they do not meet the 24-hour notification requirement in relation to such incidents (i.e., when it is unlikely that the breach results in any risk to individuals’ rights and freedoms), provided however that the CSPs still notify the ICO within 72 hours of the breach. The ICO will continue the enforcement of a monetary penalty on a CSPs if they fail to notify the ICO within 72 hours.

CSPs should nevertheless continue to report incidents that are likely to adversely affect the personal data or privacy of subscribers or users to the ICO within 24 hours. The ICO may take regulatory action under Regulation 5C PECR against CSPs if they fail to do so. Additionally, CSPs should continue to comply with their obligations under PECR and notify these breaches to subscribers and/or users, where applicable.

Find the ICO statement here.

Please contact Jose Saras and Maria Constantin if you have any questions regarding the above.

The material in this article is only for general review of the topics covered and does not constitute legal advice. No legal or business decision should be based on its content.

This article is written in English language. Preiskel & Co LLP is not responsible for any translation of all or part of its content into any language.

Leave Comment

Cancel reply

Your email address will not be published. Required fields are marked *

clear formSubmit

Latest Preiskel & Co blog posts
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data
    March 28, 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets
    March 22, 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape
    March 22, 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill
    March 17, 2023
  • Stormy weather for cloud computing in the EU
    March 16, 2023
  • Inmarsat Takeover Provisionally Cleared for Take-Off
    March 10, 2023
  • EDPB’s Feedback on the New EU-U.S. Data Privacy Framework
    March 6, 2023
  • UK Data Reform Bill to return to the House of Commons
    March 3, 2023
  • DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers
    February 16, 2023
  • DPO’s Dismissal & Conflicts of Interest Under The EU GDPR – CJEU Ruling
    February 14, 2023
  • ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers
    February 6, 2023
  • General EU Requirements for Cookie Banners – EDPB Task Force Report
    January 27, 2023

The Preiskel Blog

  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data 28 Mar 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets 22 Mar 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape 22 Mar 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill 17 Mar 2023

Preiskel news

  • Senior Partner, Danny Preiskel, quoted by IT Pro on the costs incurred by MNOs
  • Senior Partner, Danny Preiskel, will be a panellist at GCCM Carrier Community 2023 on IOT
  • Jose Saras and Xavier Prida Awarded First Place as Data Protection Thought Leaders in the UK
  • Ronnie Preiskel chosen to judge 24 May 2023 The Tech Capital Global Awards
Preiskel tweets
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data. Find out more here: https://t.co/bJkvPBvj6F12 hours ago
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill. Find out more: https://t.co/3BHP1xq69Y5 days ago
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets. Find o… https://t.co/S7J7sX3kfs6 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy