Every country handles the transfer of personal information in a different way. For tasks such as security investigations, companies need to make sure that they comply with various laws to ensure that information is obtained in a lawful manner. In a press release from the European Network and Information Security Agency (ENISA), the Agency reports on a study it has published about information sharing and cross-border collaboration of national/governmental Computer Emergency Response Teams (CERTs) in Europe. The press release includes 5 policy recommendations, which are as follows:
- Clarification of the differences between national legal frameworks;
- Adoption of EU legislation that takes account of the scope of national/governmental CERTs;
- Specification of a threshold for incidents requiring national/governmental CERT response & information sharing;
- Explanation of why CERTs need to process personal data for relevant authorities to establish clarity under what circumstances this data may be shared across borders;
- Inclusion of information on the legal basis for information requests.