The Article 29 Working Party has issued a new Opinion on personal data breach notification available on this link. The Directive on Privacy and Electronic Communications 2002/58/EC (the e-Privacy Directive) provides that in the event of a breach of security, including the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal data, on publicly available electronic communications, electronic communications providers are obliged to notify such breaches to the respective authorities, with the local responsible authority being the Information and Data Protection Commissioner. The Opinion widens instances of security breaches which prompt the obligation of notification and provides a non-exhaustive list of examples of personal data breaches. The Working Party Opinion also provides insight into encrypted data.