POSTED DATE: February 09, 2023 AUTHOR: Federal Student Aid ELECTRONIC ANNOUNCEMENT ID: GENERAL-23-09 SUBJECT: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements On December 9, 2021, the Federal Trade Commission (FTC) issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act’s (GLBA) requirements for protecting the…
Category: Breach Laws
Au: AMA calls for stronger laws to protect patient data
Fat Niebres reports: The Australian Medical Association (AMA) has called for stronger safeguards to protect patient data, saying laws must be in place to prevent security breaches and the use of health data to boost private profits. In a new position paper, the AMA pointed out the need for a broader national discussion on health…
A Tale of Two Breach Notification Rules
Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…
UK: Counter-attacking ransomware hackers
Thomas Rudkin of Farrer & Co writes: There is a developing line of cases in England & Wales where those who have been subject to a ransomware attack take action against the hackers through the civil courts. The question is why bother and what is the best way to go about this if that is…
ANPD Updates Information Security Incident Notification Guidelines
Cristiane Manzueto, Rodrigo Leal, and Flavia Telles of Mayer Brown write: The Brazilian National Data Protection Authority (ANPD) has published new guidelines on information security incident notifications, which are required whenever an incident is likely to create risks or cause significant damages to data subjects. In summary, here are the new updates: A new form for…
Important Notice about FIPPA – Mandatory Breach Notification and Privacy Management Program Requirements Coming into Effect on February 1, 2023
Jeff Holowaychuk and Abigail Choi of Clark Wilson write: Starting from February 1, 2023, public bodies in BC will be required to comply with the mandatory privacy breach notification and privacy management program provisions of the Freedom of Information and Protection of Privacy Act. These new provisions were part of a package of FIPPA amendments introduced…