Kelly Friedman and Tamara Hunter of DLA Piper write: On September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force. The PIPEDA provisions will require an organization to…
Category: Breach Laws
Delaware Adds More Stringent Data Breach Notice Requirements
Leslie A. Pappas reports: Companies doing business in Delaware have until spring 2018 to meet more stringent data breach notification requirements under a new law signed Aug. 17. Companies will be required to tell state residents affected by a data breach within 60 days and notify the state attorney general if a breach affects more…
Singapore privacy watchdog proposes mandatory reporting of data breaches
Irene Tham reports: It will soon be mandatory for organisations to inform customers of personal data breaches as soon as they are discovered – if a proposed revision to the law gets the green light. Organisations must also report the breach to the privacy commission within 72 hours. The move by the Personal Data Protection…
“Shoot the messenger:” NYC hospital and vendor threaten DataBreaches.net for reporting on their security failure
Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
States Take Action! New Mexico, Tennessee and Virginia Pass New Data Breach Legislation
Michael B. Katz and Cynthia J. Larose of Mintz Levin write: After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz Matrix” to reflect these new and pending laws. Read more…
New Tenn. Law: No Breach Notice Needed if Data Encrypted
Andrew M. Ballard reports: Companies don’t need to notify Tennessee citizens of personal data breaches if the information was encrypted, under a new law that took effect April 4 and clarifies confusion created by a 2016 amendment. The measure reinstates language in the state’s data breach notice law to remove any doubt that companies do…