The Dutch Decision “Besluit beveiliging gegevens aftappen telecommunicatie” on the implementation of safety measures by providers of public telecommunications services and public telecommunications networks, with regard to the interception and registration of communications in the Netherlands, will come into effect tomorrow, 1 June 2005.
All these providers will have to ensure that sensitive information is protected from the eyes and ears of all persons unauthorised to gain knowledge of such information. This obligation comprises, amongst others, the development of a security plan. The security plan should contain information on all levels, including e.g. the security measures taken vis-à-vis the personnel of the provider, physical measures, management of all processes involving sensitive information, securing the access to data (physical and other, such as passwords, etc.) and maintenance processes.
Agentschap Telecom (AT), which falls under the authority of the Dutch Ministry of Economic Affairs, will be the administrative body dealing with the control and enforcement of this Decision.
AT has already published a “checklist” on their website, which can help providers to ascertain how they should implement the Decision within their organisation.
For a discussion, please contact Alexa Veller.