“International Security Breach Notification Survey” is a new resource prepared by Foley & Larnder LLP and Eversheds LLP, November 2009. The report summarizes and compares the laws in various countries in tabular format, with comparisons based on: Notice Requirements (to who – (i)individual and (ii)regulator?), Timing of Disclosure (does it have to be done in a particular time period?), Form of Disclosure (does it have to be submitted in a particular way or with particular content?), Are there reporting or other obligations on entities that maintain data (ie Data Processors)?, Existing Policies (can the controller use their own procedures as opposed to those prescribed by law?), Exemptions from Disclosure, Damages/Enforcement, and Preemption (is there deemed compliance with the local law if you comply with another specified law?)
For U.S. states, the notification laws are compared on the basis of: Notice Requirements, Timing of Disclosure, Form of Disclosure, Entities that Maintain Data, Existing Policies, Exemptions from Disclosure, Damages/Enforcement, and Preemption.
View or download the free 158-page report here.