Guideline of the European Central Bank of 22 December 1998 concerning the common ... (31998O0028)
EU - Rechtsakte: 01 General, financial and institutional matters

31998O0028

Guideline of the European Central Bank of 22 December 1998 concerning the common rules and minimum standards to protect the confidentiality of the individual statistical information collected by the European Central Bank assisted by the national central banks (ECB/1998/NP28)

Official Journal L 055 , 24/02/2001 P. 0072 - 0074
GUIDELINE OF THE EUROPEAN CENTRAL BANK
of 22 December 1998
concerning the common rules and minimum standards to protect the confidentiality of the individual statistical information collected by the European Central Bank assisted by the national central banks
(ECB/1998/NP28)
THE GOVERNING COUNCIL OF THE EUROPEAN CENTRAL BANK,
Having regard to the Statute of the European System of Central Banks and of the European Central Bank (hereinafter referred to as the "Statute") and in particular to Articles 5, 12.1, 14.3 and 38 thereof,
Having regard to Council Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank(1) and in particular to Article 8 thereof,
Whereas:
(1) Article 8(3) of the said Regulation (EC) No 2533/98 provides that the reporting agents shall be informed of the statistical and other administrative uses to which statistical information provided by them may be put. The said Article also provides that reporting agents shall have the right to obtain information on the legal basis for the transmission and the protective measures adopted.
(2) Article 8(9) of the said Regulation (EC) No 2533/98 requires that the European Central Bank (ECB) and the national central banks (NCBs) shall take all the necessary regulatory, administrative, technical and organisational measures to ensure the protection of confidential statistical information. The said Article requires that the ECB shall define common rules and minimum standards to prevent unlawful disclosure and unauthorised use of confidential statistical information.
(3) Internal procedures are in force in the ECB and the NCBs which provide a high level of protection of confidential statistical information in the ECB and the NCBs. Therefore the purpose of the common rules and minimum standards required by Article 8(9) of Council Regulation (EC) No 2533/98 can be achieved by setting a basic level of protection across the European System of Central Banks without prejudice to any higher level that is achieved through the actual protection measures in force within the ECB and the NCBs and without impinging on these actual protection procedures or imposing specific technical solutions on the ECB and the NCBs, provided that the common rules and minimum standards are fulfilled.
(4) The ECB needs regular information from the NCBs on the actual protection measures in order to fulfil its task of defining the common rules and minimum standards set out in the said Article 8(9) of Regulation (EC) No 2533/98 and in order to assess the fulfilment of the required basic level of protection.
(5) In accordance with Articles 12.1 and Article 14.3 of the Statute, ECB Guidelines form an integral part of Community law,
HAS ADOPTED THIS GUIDELINE:
Article 1
Definitions
For the purpose of this Guideline:
1. "confidential statistical information" shall mean statistical information which is defined as confidential in accordance with Article 8(1) of Council Regulation (EC) No 2533/98;
2. "protection measures" shall mean the appropriate procedures for the protection, both logical and physical, of confidential statistical information;
3. "logical protection" shall mean the protection measures that prevent unauthorised access to the confidential statistical information iteself;
4. "physical protection" shall mean the protection measures that prevent unauthorised access to the physical area and the physical media;
5. "physical area" shall mean any part of the building in which are located the physical media on which confidential statistical information is stored or over which it is transmitted;
6. "physical media" shall mean hard copy (paper) and the computer equipment (including peripherals and storage devices) on which confidential statistical information is stored or processed.
Article 2
Logical protection
1. The ECB and the NCBs shall each define and implement authorisation rules and protection measures for the logical access of their staff to confidential statistical information.
2. Without prejudice to the continuity of the system administration function, the minimum protection measure shall be a unique user identifier and personalised password.
3. All appropriate measures shall be taken to ensure that confidential statistical information is arranged in such a way that any published data covers at least three economic agents. Where one or two economic agents make up a sufficiently large proportion of any observation to make them indirectly identifiable, published data shall be arranged in such a way as to prevent their indirect identification. These rules shall not apply if the reporting agents or the other legal persons, natural persons, entities or branches that can be identified have explicitly given their consent to the disclosure.
Article 3
Physical protection
The ECB and the NCBs shall each define and implement authorisation rules and protection measures for access of their staff to any physical area, without prejudice to Article 4 of this Guideline.
Article 4
Third party access
In the event of any third party having access to confidential statistical information, the ECB and the NCBs shall ensure through appropriate means, where possible by way of a contract, that the confidentiality requirements as laid down in Regulation (EC) No 2533/98 and in this Guideline are respected by the third party.
Article 5
Data transmission and networks
1. Where allowed by Article 8 of Regulation (EC) No 2533/98, confidential statistical information shall be transmitted extra muros electronically, following encryption.
2. The ECB and the NCBs shall each define authorisation rules for such transmission of confidential statistical information.
3. For internal networks, appropriate protection measures shall be taken to prevent unauthorised access.
4. Interactive access to confidential statistical information from unsecured networks shall be prohibited.
Article 6
Documentation and staff awareness
The ECB and the NCBs shall ensure that all their rules and procedures relating to the protection of confidential statistical information are documented, and that this documentation is kept up to date. The staff involved shall be informed about the importance of the protection of confidential statistical information and kept up to date about all rules and procedures that affect their work.
Article 7
Reporting
1. The NCBs shall inform the ECB at least once a year of the problems experienced in the last period, the actions taken in response to these and the planned improvements with regard to the protection of confidential statistical information. The ECB shall draw up a corresponding report.
2. The Governing Council of the ECB shall assess the implementation of this Guideline at least once a year. In preparation for the assessment, the ECB shall be informed of, and report on, the authorisation rules and types of protection measures applied by the ECB and the NCBs as referred to in Articles 2, 3 and 5 of this Guideline.
Article 8
Final provisions
This Guideline is addressed to the national central banks of participating Member States.
This Guideline shall be effective as of 1 January 1999.
Done at Frankfurt am Main, 22 December 1998.
On behalf of the Governing Council of the ECB
Willem F. Duisenberg
(1) OJ L 318, 27.11.1998, p. 8.
Markierungen
Leseansicht