{"id":585,"date":"2011-08-26T10:42:46","date_gmt":"2011-08-26T09:42:46","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=585"},"modified":"2019-12-31T12:26:09","modified_gmt":"2019-12-31T11:26:09","slug":"notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/","title":{"rendered":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms"},"content":{"rendered":"<p><em>\u00ab\u00a0J\u2019ai l\u2019intention d\u2019introduire une obligation de notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es &#8211; comme je l\u2019ai fait pour les t\u00e9l\u00e9coms et l\u2019acc\u00e8s Internet quand j\u2019\u00e9tais commissaire en charge des t\u00e9l\u00e9communications, mais cette fois pour tous les secteurs, y compris les services bancaires et financiers.\u00a0\u00bb<\/em><\/p>\n<p>Viviane Reding, juillet 2011<\/p>\n<p>\u00c9t\u00e9 2011 : alors que la presse bruissait des d\u00e9boires s\u00e9curitaires de Sony, Sega ou autres FBI, la profession de foi de la commissaire europ\u00e9enne en charge de la justice est pass\u00e9e relativement inaper\u00e7ue mais elle pr\u00e9sage un r\u00e9el changement dans les pratiques des entreprises quant \u00e0 leur gestion des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es.<\/p>\n<p>Ce changement est une r\u00e9alit\u00e9 d\u00e8s aujourd\u2019hui pour les fournisseurs d\u2019acc\u00e8s et les op\u00e9rateurs t\u00e9l\u00e9coms depuis l\u2019adoption du <a href=\"http:\/\/eur-lex.europa.eu\/LexUriServ\/LexUriServ.do?uri=OJ:L:2009:337:FULL:FR:PDF\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Paquet T\u00e9l\u00e9com<\/em><\/a> et sa d\u00e9clinaison attendue en droit fran\u00e7ais.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>L\u2019obligation de notification bic\u00e9phale du Paquet T\u00e9l\u00e9com\u00a0: s\u00e9curit\u00e9 et donn\u00e9es \u00e0 caract\u00e8re personnel<\/strong><\/h2>\n<p><strong><br \/>\n<\/strong><\/p>\n<p>No\u00ebl 2009 : la Commission Europ\u00e9enne d\u00e9pose au pied du sapin des l\u00e9gislateurs nationaux un volumineux paquet d\u2019exigences. Compos\u00e9 de deux directives, ce <em>Paquet T\u00e9l\u00e9com<\/em> vient mettre \u00e0 jour et modifier le pr\u00e9c\u00e9dent paquet de 2002, essentiellement retranscrit dans le droit fran\u00e7ais via le Code des Postes et des Communications \u00c9lectroniques (CPCE). Parmi les nouveaut\u00e9s, figure la m\u00e9diatique obligation de s\u00e9curit\u00e9 \u00e0 travers notamment deux obligations de notification, s\u2019appliquant respectivement \u00e0 la s\u00e9curit\u00e9 des r\u00e9seaux et \u00e0 la protection des donn\u00e9es \u00e0 caract\u00e8re personnel.<\/p>\n<p>Sans doute fr\u00e9missant encore de la cyberattaque ayant paralys\u00e9 l\u2019Estonie en 2007, le l\u00e9gislateur europ\u00e9en fait en effet de la s\u00e9curit\u00e9 des r\u00e9seaux de communication une obligation inconditionnelle du m\u00e9tier de fournisseur de r\u00e9seau. Celui-ci est alors tenu de mettre en place un <em>niveau de s\u00e9curit\u00e9 adapt\u00e9 au risque existant<\/em> et de se soumettre \u00e0 des audits ind\u00e9pendants. A ceci s\u2019ajoute un strict devoir de transparence en la mati\u00e8re vis-\u00e0-vis de l\u2019autorit\u00e9 concern\u00e9e. Ainsi, tout incident de s\u00e9curit\u00e9 <em>ayant un impact significatif sur le fonctionnement des r\u00e9seaux et syst\u00e8mes<\/em> devra \u00eatre port\u00e9 \u00e0 sa connaissance, le public n\u2019\u00e9tant inform\u00e9 que s\u2019il est jug\u00e9 d\u2019<em>utilit\u00e9 publique<\/em> de le faire.\u00a0 Cette obligation est tr\u00e8s certainement une premi\u00e8re \u00e9tape vers la cr\u00e9ation d\u2019un standard de s\u00e9curisation europ\u00e9en des r\u00e9seaux.<\/p>\n<p>La seconde obligation de notification vise quant \u00e0 elle \u00e0 inciter les fournisseurs et op\u00e9rateurs \u00e0 une vigilance accrue en mati\u00e8re de protection des donn\u00e9es. Elle impose ainsi de notifier <em>sans retard indu<\/em> l\u2019autorit\u00e9 comp\u00e9tente de toute violation de donn\u00e9es \u00e0 caract\u00e8re personnel, c\u2019est-\u00e0-dire de toute violation <em>entrainant accidentellement ou de mani\u00e8re illicite la destruction, la perte, l\u2019alt\u00e9ration, la divulgation ou l\u2019acc\u00e8s non autoris\u00e9<\/em> aux donn\u00e9es. Les impacts ne sont pas nuls. Ils deviennent m\u00eame consid\u00e9rables lorsque l\u2019on ajoute que les abonn\u00e9s ou personnes concern\u00e9es doivent \u00e9galement \u00eatre inform\u00e9es d\u00e8s lors que cette violation peut avoir un impact sur eux<\/p>\n<h2><strong>Quid des op\u00e9rateurs et FAI fran\u00e7ais\u00a0?<\/strong><\/h2>\n<p><strong><br \/>\n<\/strong><\/p>\n<p>En France, une loi vot\u00e9e en mars 2011 autorise le gouvernement \u00e0 transcrire ce Paquet T\u00e9l\u00e9com dans le droit national via une ordonnance, ce qui devait intervenir avant fin septembre. C\u2019est chose faite depuis hier, l\u2019ARCEP ayant publi\u00e9 sur son site l\u2019Ordonnance le transcrivant en droit fran\u00e7ais (cf. encadr\u00e9 en fin d\u2019article).<\/p>\n<p>Ainsi, si les modalit\u00e9s doivent encore en \u00eatre pr\u00e9cis\u00e9es, les notifications de violation de traitement \u00e0 caract\u00e8re personnel devront \u00eatre effectu\u00e9es aupr\u00e8s de la CNIL, qui appr\u00e9ciera les efforts d\u00e9ploy\u00e9s par les op\u00e9rateurs et FAI en r\u00e9ponse aux incidents. Elle pourra \u00e9galement les mettre en demeure d\u2019informer leurs abonn\u00e9s, et sanctionner les entreprises en cas de manquement.<\/p>\n<p>D\u2019ici l\u00e0 les acteurs concern\u00e9s doivent sans attendre s\u2019assurer que leur gestion de la s\u00e9curit\u00e9 leur permet\u00a0:<\/p>\n<ul>\n<li>D\u2019assurer un niveau adapt\u00e9 aux risques, y compris sur les p\u00e9rim\u00e8tres sous-trait\u00e9s \u00e0 des tiers.<\/li>\n<li>De d\u00e9tecter et de r\u00e9pondre rapidement aux incidents de s\u00e9curit\u00e9.<\/li>\n<li>De r\u00e9pondre aux sollicitations de l\u2019autorit\u00e9 comp\u00e9tente et d\u2019\u00eatre \u00e0 m\u00eame de lui d\u00e9montrer du niveau de s\u00e9curit\u00e9 mis en place.<\/li>\n<li>De g\u00e9rer une communication de crise efficace et adapt\u00e9e aux violations de donn\u00e9es.<\/li>\n<\/ul>\n<p>Par ailleurs, il semble d\u00e8s \u00e0 pr\u00e9sent que les fuites de donn\u00e9es chiffr\u00e9es, et donc rendue <em>inutilisables directement<\/em>,\u00a0 n\u2019auront pas \u00e0 \u00eatre notifi\u00e9es aux abonn\u00e9s. L\u2019inventaire et la cartographie des donn\u00e9es \u00e0 caract\u00e8re personnel sur le SI des op\u00e9rateurs apparaissent donc \u00eatre des chantiers indispensables, en tant que vecteurs de maitrise et donc de s\u00e9curit\u00e9 mais \u00e9galement comme premi\u00e8re \u00e9tape d\u2019un programme plus vaste de protection. Celui-ci incluant notamment le chiffrement, mais pas uniquement, la Commission mentionnant tr\u00e8s clairement l\u2019utilisation des bonnes pratiques et normes internationalement reconnues et met en avant des principes proches de la norme ISO 27001.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Apr\u00e8s les t\u00e9l\u00e9coms\u00a0: \u00e0 qui le tour\u00a0?<\/strong><\/h2>\n<p><strong><br \/>\n<\/strong><\/p>\n<p>2012\u00a0? Et ce qui est vrai pour les op\u00e9rateurs et FAI le sera sans doute tr\u00e8s prochainement \u00e9galement pour les autres secteurs, comme l\u2019attestent les d\u00e9clarations de la commissaire europ\u00e9enne en charge de la justice. Chez nos voisins am\u00e9ricains, allemands, irlandais ou n\u00e9erlandais notamment, les l\u00e9gislations ont fleuri ces derni\u00e8res ann\u00e9es afin d\u2019instaurer une telle transparence.<\/p>\n<p>Le l\u00e9gislateur europ\u00e9en n\u2019est pas en reste. Il qui indique dans la longue introduction aux exigences du Paquet T\u00e9l\u00e9com\u00a0: <em>L\u2019int\u00e9r\u00eat des utilisateurs \u00e0 \u00eatre inform\u00e9s ne se limite pas, \u00e0 l\u2019\u00e9vidence, au secteur des communications \u00e9lectroniques, et il convient d\u00e8s lors d\u2019introduire de fa\u00e7on prioritaire, au niveau communautaire, des exigences de notification explicites et obligatoires, applicables \u00e0 tous les secteurs<\/em><\/p>\n<p>Le sens de l\u2019histoire est ainsi bien \u00e0 la notification syst\u00e9matique de tout incident de s\u00e9curit\u00e9. Le projet de loi dit Informatique et Libert\u00e9s (LIL) 3, d\u00e9j\u00e0 adopt\u00e9 au S\u00e9nat, en France, le confirme.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Que dit l&#8217;ordonnance du 25\/08\/2011?<\/em><\/p>\n<p>L\u2019ARCEP publie aujourd\u2019hui sur son site l\u2019Ordonnance transcrivant le paquet T\u00e9l\u00e9com en droit fran\u00e7ais. S\u2019il est confirm\u00e9 que les atteintes aux donn\u00e9es \u00e0 caract\u00e8re personnel devront bien \u00eatre notifi\u00e9es \u00e0 la CNIL, sous peine de 5 ans d\u2019emprisonnement et de 300\u00a0000\u20ac d\u2019amende, la notification des failles portant sur la s\u00e9curit\u00e9 et l\u2019int\u00e9grit\u00e9 des r\u00e9seaux n\u2019est quant \u00e0 elle pas directement mentionn\u00e9e. \u00a0En revanche, l\u2019obligation pour les op\u00e9rateurs de se soumettre la s\u00e9curit\u00e9 de leurs installations, services et r\u00e9seaux \u00e0 des contr\u00f4les impos\u00e9s par l\u2019\u00c9tat est \u00e0 pr\u00e9sent reprise dans l\u2019article 6 du Code des Postes et Communications \u00c9lectronique (CPCE). Un d\u00e9cret en Conseil d\u2019\u00c9tat viendra en pr\u00e9ciser les modalit\u00e9s d\u2019application.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00ab\u00a0J\u2019ai l\u2019intention d\u2019introduire une obligation de notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es &#8211; comme je l\u2019ai fait pour les t\u00e9l\u00e9coms et l\u2019acc\u00e8s Internet quand j\u2019\u00e9tais commissaire en charge des t\u00e9l\u00e9communications, mais cette fois pour tous les secteurs, y&#8230;<\/p>\n","protected":false},"author":120,"featured_media":6343,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36,43],"tags":[3259,81],"coauthors":[967],"class_list":["post-585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","category-telcos","tag-data-protection-2","tag-protection-des-donnees"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"\u00ab\u00a0J\u2019ai l\u2019intention d\u2019introduire une obligation de notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es &#8211; comme je l\u2019ai fait pour les t\u00e9l\u00e9coms et l\u2019acc\u00e8s Internet quand j\u2019\u00e9tais commissaire en charge des t\u00e9l\u00e9communications, mais cette fois pour tous les secteurs, y...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-26T09:42:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T11:26:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"573\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marianne Benichou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marianne Benichou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\"},\"author\":{\"name\":\"Marianne Benichou\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/1ea0d262e777b748dd507570b97597ea\"},\"headline\":\"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms\",\"datePublished\":\"2011-08-26T09:42:46+00:00\",\"dateModified\":\"2019-12-31T11:26:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\"},\"wordCount\":1226,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"keywords\":[\"data protection\",\"protection des donn\u00e9es\"],\"articleSection\":[\"Cloud &amp; Next-Gen IT Security\",\"Cybersecurity &amp; Digital Trust\",\"M\u00e9tiers - Telcos\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\",\"name\":\"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"datePublished\":\"2011-08-26T09:42:46+00:00\",\"dateModified\":\"2019-12-31T11:26:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"width\":573,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/1ea0d262e777b748dd507570b97597ea\",\"name\":\"Marianne Benichou\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/marianne-benichou\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/","og_locale":"en_US","og_type":"article","og_title":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight","og_description":"\u00ab\u00a0J\u2019ai l\u2019intention d\u2019introduire une obligation de notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es &#8211; comme je l\u2019ai fait pour les t\u00e9l\u00e9coms et l\u2019acc\u00e8s Internet quand j\u2019\u00e9tais commissaire en charge des t\u00e9l\u00e9communications, mais cette fois pour tous les secteurs, y...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/","og_site_name":"RiskInsight","article_published_time":"2011-08-26T09:42:46+00:00","article_modified_time":"2019-12-31T11:26:09+00:00","og_image":[{"width":573,"height":214,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","type":"image\/jpeg"}],"author":"Marianne Benichou","twitter_misc":{"Written by":"Marianne Benichou","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/"},"author":{"name":"Marianne Benichou","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/1ea0d262e777b748dd507570b97597ea"},"headline":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms","datePublished":"2011-08-26T09:42:46+00:00","dateModified":"2019-12-31T11:26:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/"},"wordCount":1226,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","keywords":["data protection","protection des donn\u00e9es"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust","M\u00e9tiers - Telcos"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/","url":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/","name":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","datePublished":"2011-08-26T09:42:46+00:00","dateModified":"2019-12-31T11:26:09+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","width":573,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/08\/notification-des-atteintes-a-la-securite-des-donnees-etape-1-les-operateurs-telecoms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Notification des atteintes \u00e0 la s\u00e9curit\u00e9 des donn\u00e9es : \u00e9tape 1, les op\u00e9rateurs t\u00e9l\u00e9coms"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/1ea0d262e777b748dd507570b97597ea","name":"Marianne Benichou","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/marianne-benichou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/120"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=585"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/585\/revisions"}],"predecessor-version":[{"id":12481,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/585\/revisions\/12481"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6343"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=585"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}