The Commission nationale de l’informatique et des libertés (CNIL – the French privacy authority) has recently found a company in breach of its duty to protect the personal information of its employees because the company used unduly short passwords that were too easy to guess and that were not changed often enough. (See the story on Le Village de la Justice)
According to the CNIL, the employer should have had a password policy that required longer passwords composed of letters, numbers and special characters, and that also required that the passwords be changed frequently.
It was not demonstrated that . . . [more]