No Contradiction Between Cyber-Security and Data Protection? Designing a Data Protection Compliant Incident Response System
Incident Response has become an important component of cybersecurity. The usual security measures are often powerless against new and targeted attacks, also known as IT-Security incidents. Key issues such as information exchange formats and sharing platforms remain on the agenda of the cybersecurity community, especially for incident responders. Incident Response activities require additional processing of personal data and may therefore themselves create a privacy risk. Current developments in Incident Response show that such systems are increasingly vulnerable to data breaches, especially because of the massive amounts of personal data they hold and the possibility of linking this data to personal identifiers. Therefore, the joint project ITS.Overview has set itself the goal of creating a detailed overview of IT-Security incidents in different industrial sectors that can be correlated and exchanged among companies in order to identify cyberattacks quickly.
This article aims to offer an initial assessment of data protection measures in Incident Response management. The key problems in this context are legal and technical barriers. The main factors are the possibility of entering free text in Ticketing Systems and the legal obligations for sharing information under the General Data Protection Regulation (GDPR), as well as a lack of interest and, owing to trust issues, the fear of sharing information. Furthermore, the conflict between IT-Security on the one hand and informational self-determination on the other must be resolved through the technically and legally correct use of Incident Response.
EJLT is an open access journal, aiming to disseminate academic work and perspectives as widely as possible to the benefit of the author and the author’s readers. It is the assumption of the EJLT that authors who publish in the journal wish their work to be available as freely and as widely as possible through the open access publishing channel.
Authors who publish with EJLT will retain copyright and moral rights in the underlying work but will grant all users the rights to copy, store and print copies of their work for non-commercial use. Commercial mirroring may also be carried out with the consent of the journal. The work must remain as published – without redaction or editing – and must clearly state the identity of the author and the originating EJLT URL of the article. Any commercial use of the author’s work – apart from mirroring – requires the permission of the author, and any aspects of the article which are the property of EJLT (e.g. typographical format) require permission from EJLT.
Authors can sometimes become no longer contactable (through, for example, death or retirement). If this occurs, any rights in the work will pass to the European Journal of Law and Technology, which will continue to make the work available in as wide a manner as possible to achieve the aims of open access and to ensure that an author's work continues to be available. An author – or their estate – can recover these rights from EJLT by providing contact information.
The European Journal of Law and Technology holds rights in format, publication and dissemination.
EJLT, as a non-commercial organisation – which receives donations to allow it to continue publishing – must retain information on reader access to journal articles. This means that we will not give permission to mirror the journal unless we can be provided with full details of reader access to each and every journal article. We prefer and encourage deep linking rather than mirroring. All users – commercial and non-commercial – are thus encouraged to provide indexes and links to articles in the EJLT where the index or link points to the location of the article on the EJLT server, rather than to stored copies on other servers.
Please contact the European Journal of Law and Technology if you are in any doubt as to what this statement of use covers.