If a particular risk arises threatening the security of the public network of electronic communications, the operator exploiting such network or providing the electronic communications service shall inform its customers about the risk and the measures that should be implemented.
Article 34 of the Telecommunications Act
To customers. However, the legislation does not specify if “customers” mean all the customers of these operators or only those customers affected by the risk.
Yes, there are different security measures depending on what the data is.
All data files must implement a basic level of security measures which, among other things must include the adoption of a “Security Document” that contains a summary of all the applicable security measures.
Other types of data have more stringent measures, which may include an audit of compliance with the Security Document.
For data files that contain information that is sensitive personal data, that information should be encrypted.
Spain affirmed that the most important objective of the new legal framework is to try to ensure effective protection of consumers and also to ensure access to essential services. Additionally Spain considers that it is important to increase the transparency between operators and consumers, and also to specify the security measures that operators shall implement in order to improve the current situation.