Cyber incidents may range anywhere from simple deviations from internal security regulations to criminal acts, acts of cyber terrorism, and even warfare. The investigation and management of such incidents is based on sharing and comparing traffic data and server logs, including IP addresses. Countries subject to both the EU and NATO organisational framework of cyber defence will face difficulties transferring such data to NATO or another member state's national authorities since the legal view governing EU data protection institutions categorises IP addresses and logs as personal data.
The EU legal framework on data privacy thus creates obstacles to processing cyber incident data for the purpose of cooperative cyber defence management. While there are legally safe ways to secure evidence and manage cyber incidents, recent trends in EU member states require that more attention be paid to these issues on the national regulatory level.
This article will provide insight into personal data protection issues that relate to the exchange of information concerning cyber incidents and, based on considerations pertinent to national approaches, it will provide guidance on how to minimise the related legal risks that come with cyber incident management.
Published in: Modelling Cyber Security: Approaches, Methodology, Strategies. NATO Science for Peace and Security Series, Vol 59.
Tikk, E. (2009). Defining Critical Information Infrastructure in the Context of Cyber Threats: The Privacy Perspective. Modelling Cyber Security: Approaches, Methodology, Strategies. NATO Science for Peace and Security Series, Vol 59. Amsterdam: IOS Press.