Jason C. Gavejian writes: The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to…
Category: Breach Laws
Maryland Data Breach Notification Law Updated: Effective 1/1/18
Linn Freedman reports: The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name…
WP29 guidelines on personal data breach notification under GDPR
Anita Anand of Allen & Overy writes: The Article 29 Working Party this week published draft Guidelines on personal data breach notificationunder GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further…
Government of Canada publishes proposed “Breach of Security Safeguards Regulations”
Kelly Friedman and Tamara Hunter of DLA Piper write: On September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force. The PIPEDA provisions will require an organization to…
Delaware Adds More Stringent Data Breach Notice Requirements
Leslie A. Pappas reports: Companies doing business in Delaware have until spring 2018 to meet more stringent data breach notification requirements under a new law signed Aug. 17. Companies will be required to tell state residents affected by a data breach within 60 days and notify the state attorney general if a breach affects more…
Singapore privacy watchdog proposes mandatory reporting of data breaches
Irene Tham reports: It will soon be mandatory for organisations to inform customers of personal data breaches as soon as they are discovered – if a proposed revision to the law gets the green light. Organisations must also report the breach to the privacy commission within 72 hours. The move by the Personal Data Protection…