In the wake of ex-NSA contractor Edward Snowden’s surveillance revelations to the global public, and despite an unimpeded cross-border data flow and knowledge transfer being a pre-requisite for the development of the digital economy, governments around the world are increasingly tending to...

The work of the expert group played an essential role in a process which concluded in July 2013 with the adoption by the OECD Council of the first revisions to the OECD Privacy Guidelines since their original release in 1980. This document identifies a number of issues that were raised but not...

This report provides an overview of existing data and statistics in the fields of information security, privacy and the protection of children online. It highlights the potential for the development of better indicators in these respective fields showing in particular that there is an...

This document brings together views from business, civil society and the Internet technical community on the emergence of a new generation of national cybersecurity strategies. This input was used in developing the report on “Cybersecurity Policy Making at a Turning Point: Analysing a New...

This report analyses the latest generation of “national cybersecurity strategies” in ten OECD countries and identifies commonalities and differences. The analysis reveals that cybersecurity policy making has become a national policy priority and relies on holistic strategies supported by...

These Terms of Reference set the context, objectives, scope and modalities for the second review of the 2002 Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security.

This paper provides an overview of the history of the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (“Security Guidelines”) since the adoption of their first version in 1992. It explains that the 2002 revision of the Guidelines introduced...

This report provides the key findings of an OECD survey on comparability in personal data breach notification (PDBN) reporting that was implemented from June 2019 to February 2020. The main findings show a general trend towards mandatory PDBN regulation and identify internationally comparable...