Linn Freedman reports: The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name…
Category: Breach Laws
WP29 guidelines on personal data breach notification under GDPR
Anita Anand of Allen & Overy writes: The Article 29 Working Party this week published draft Guidelines on personal data breach notificationunder GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further…
Government of Canada publishes proposed “Breach of Security Safeguards Regulations”
Kelly Friedman and Tamara Hunter of DLA Piper write: On September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force. The PIPEDA provisions will require an organization to…
Delaware Adds More Stringent Data Breach Notice Requirements
Leslie A. Pappas reports: Companies doing business in Delaware have until spring 2018 to meet more stringent data breach notification requirements under a new law signed Aug. 17. Companies will be required to tell state residents affected by a data breach within 60 days and notify the state attorney general if a breach affects more…
Singapore privacy watchdog proposes mandatory reporting of data breaches
Irene Tham reports: It will soon be mandatory for organisations to inform customers of personal data breaches as soon as they are discovered – if a proposed revision to the law gets the green light. Organisations must also report the breach to the privacy commission within 72 hours. The move by the Personal Data Protection…
“Shoot the messenger:” NYC hospital and vendor threaten DataBreaches.net for reporting on their security failure
Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…