On 1 January 2004 came into force the “Code about the protection of personal data (Legge Delega n.127/2001)”, commonly known as Testo Unico (Unique Text) or T.U. about privacy, introduced by the legislative decree of 30 June 2003, N.196. This text substitutes and integrates many older laws and decrees, among which, particularly, the so-called “Law about Privacy” , law 675 of 31 December 1996 “Safeguard of persons and other subjects in respect of personal data handling”, and the Presidential Decree 318 of 28 July 1996 “Regulation bringing the norms for the definition of minimal security measures for the handling of personal data, according to article 15, comma 2 of law 675/96”.

The new T.U. defines ules and sanctions relative to the handling of personal data, that is to say any “information relative to physical persons, juridical persons, organization or association, identified or identifiable, even indirectly, by reference to any other information, including personal identification numbers” (article 4 comma 1 letter B of the T.U.), of sensible data and of judiciary data (see letters d and e of article 4 comma 1 of the T.U.).

In particular, the T.U. defines –in a specific technical attachment – the minimal security provisions to adopt when personal data are handled with electronic instruments. This aspect – the handling by computers and informatic and telematic networks – is the most critical for the organizations, both for the higher analysis and evaluation difficulties and for the complexity of IT structures, that often, to comply with legal requirements, need substantial upgrades and modifications.

Trend
The increase in security accidents reported to CERT is exponential. The accident number for year 2000 alone grossly equals  half of the cases of all the preceding decade.