If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a provision in Chapter 210-B §1348. Security breach notice requirements, and am seeking clarification. In Paragraph 1,…
Category: Breach Laws
China Cybersecurity and Data Protection Regulations – 2023 Recap and 2024 Outlook
Arendse Huld writes: China has been expanding its legal framework for cybersecurity and data protection in recent years, with further advancements seen in 2023. This year witnessed the refinement of legal requirements governing the procedures to export personal information (PI), bringing further clarity to the responsibilities and accountabilities of companies. At the same time, 2023…
Sg: 665,000 MBS members data leak: Govt to investigate if there was ‘significant harm’
Khine Zin Htet reports: On Nov. 7, 2023, MBS announced a breach of the personal data of 665,000 Marina Bay Sands (MBS) LifeStyle reward members by an “unknown third party” on Oct. 19 and 20, 2023. Following that, the government addressed the data breach during a parliamentary sitting held on Nov. 22. […] MBS discovered…
Australian Privacy Regulator Sues in MedLab Pathology Data Breach Case
Hunton Andrews Kurth writes: Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty (i.e., a fine) in connection with the company’s response to a data breach that occurred in February…
NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
Hunton Andrews Kurth writes: On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation. The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the…
AU: ASIC modifies licensees’ breach reporting obligations
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expecting ASIC’s second annual report on the regime to be published very shortly, and we expect compliance has not…