RTHK reports: A laptop computer, containing information of more than 3,600 patients, has allegedly been stolen at Queen Mary Hospital. The computer belongs to the Department of Medicine of the University of Hong Kong. The case has been reported to police and the privacy commissioner. The university has apologised to the affected patients. And that’s…
Category: Breach Laws
130 days, 1,500 notifications: Does Dutch breach rule foreshadow GDPR?
Lokke Moerel and Alex van der Wolk write: As we write this, it is now four months since the new data breach notification law in the Netherlands went into effect. Since 1 January 2016, data controllers are obliged to notify the Dutch data protection authority (DPA) and individuals if the security of personal data has been…
Ontario health privacy breach notification bill passes third reading
Canadian Underwriter notes: An Ontario government bill proposing to increase fines, to $500,000, for health privacy violations recently passed third reading at Queen’s Park in Toronto. Bill 119 proposes some changes to Ontario’s Personal Health Information Protection Act (PHIPA). Read more on Canadian Underwriters.
GDPR: potential fines for data security breaches more severe for data controllers than processors, says expert
Have I mentioned recently how much I appreciate columns or posts by lawyers that help educate us non-lawyers? A post in Out-Law.com points out something that is significant for those involved in IT security or advising clients: One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is…
Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA
Shawn E. Tuma writes: When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does…
BCCA Leaves Open The Risk Of Exposure To Vicarious Liability For Unauthorized Use Of Personal Information By Employees
Ryan Berger of Bull Housser writes: The BC Court of Appeal has affirmed the Chambers Judge’s decision in Ari v. ICBC 2015 BCCA 468. In this case, the putative plaintff advanced a proposed class action claim, alleging an ICBC employee misused personal information of 65 customers. The plaintiff alleged vicarious liability for breach of the statutory tort of invasion…