I’ve recently commented a few times on delays to notification in the healthcare sector. Out-Law.com has a piece on data breach response times in the U.K. that provides some useful comparisons. Businesses in the UK took an average of 21 days to report personal data breaches they had identified to the Information Commissioner’s Office (ICO)…
Category: Breach Laws
FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule
Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which…
Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing
James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws. Chairman Roger Wicker…
NJ Measure to Expand Disclosure of Online Breaches Heads to Governor
Suzette Parmley reports that New Jersey is on the verge of expanding its breach notification law as a bill is headed to the Governor’s desk for signature. A-3245/S-52 would amend the law to include among the information triggering a notification requirement: usernames, email addresses, and any passwords or security questions and answers that would permit access…
California to close data breach notification loopholes under new law
Zack Whittaker reports: California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better. The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify…
Turkish Data Protection Authority Announces The Procedure To Be Taken By Companies In Cases Of Data Breaches
Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write: Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller. Article 12/1 of the Turkish Data Protection Law states the data controller shall take…