The Commissioner for Information of Public Importance and Personal Data Protection has completed the first phase in writing of the inspection procedure over the implementation and enforcement of the Law on Personal Data Protection of operators providing services of "broadband access", i.e. Internet access to natural persons.

The inspection was carried out by delivering a standard questionnaire to operatorsthat they were obliged toanswer it and enclose supporting documents, as evidence of stated answers.

Out of 184 operators inspected, 162 operators answered the questionnaire and provided requested supporting documents. Requests for initiating offence proceedings will be filed against 22 operators that failed to answer the questionnaire, and against those operators who only answered it pro forma, and actually obstructed the inspection procedure.

Due to the fact that answers given by a large number of operators can be reasonably questioned in terms of genuineness and accuracy, and many other reasons, the Commissioner estimates that direct inspection on site must be carried out, i.e. at headquarters of a number of operators. Such procedure will be conducted, regardless of available, modest, inadequate staff.

In this context, Rodoljub Saric said the following:

"With certain exceptions, submitted answers may be evaluated as unsatisfactory, very bad and disturbing.

It seems almost tragicomic and needless to comment on the fact that a number of operators submitted the questionnaireswhich were identically filled out, including identical spelling, grammatical and logical errors.

Many other facts speak for themselves and they are the reason for concern. I will mention just a few to illustrate the point:

- Even 92 operators (57%) indicated that they keep no records of entry and duration of stay of persons in the room where it is possible to access communications data, and many of them do not have a separate room accommodating technical devices,

- Only 93 operators (57%) said that they have installed Intrusion detection system (unauthorized access),but only one operator provided supporting documents,

- Even 115 operators (71%) said that for persons, employed with them,who access electronic communications data, either in real time or in records, special professional qualifications, completed training or safety certificate are not envisaged as a condition.

- Only 25 operators (15%) answered that so-called "retained data" is kept for 12 months from the date of communication, as explicitly stipulated by the Law on Electronic Communications, all others stated longer or shorter periods.

The mentioned and other facts indicate that most operators do not possess adequate documentation on privacy and safety of personal data, defined procedures to access them, or knowledge of the relevant legal provisions, which all together poses a substantial risk of possible illegal data processing and intrusion into privacy."