Have I mentioned recently how much I appreciate columns or posts by lawyers that help educate us non-lawyers? A post in Out-Law.com points out something that is significant for those involved in IT security or advising clients: One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is…
Category: Breach Laws
Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA
Shawn E. Tuma writes: When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does…
BCCA Leaves Open The Risk Of Exposure To Vicarious Liability For Unauthorized Use Of Personal Information By Employees
Ryan Berger of Bull Housser writes: The BC Court of Appeal has affirmed the Chambers Judge’s decision in Ari v. ICBC 2015 BCCA 468. In this case, the putative plaintff advanced a proposed class action claim, alleging an ICBC employee misused personal information of 65 customers. The plaintiff alleged vicarious liability for breach of the statutory tort of invasion…
Ga. Senator Proposes Bill On Public Data Breach Investigations
Johnny Kauffman reports: A bill filed in the Georgia Legislature by Sen. John Albers (R–Roswell) would mandate companies and state agencies provide details to the attorney general and the governor’s office and give authority to the attorney general’s office to conduct an investigation. The Republican’s bill (SB 276) is called the “Georgia Personal Data Security…
Ottawa working on “options regarding next steps” for Canada-wide mandatory privacy breach notification
Canadian Underwriter reports: Before the House of Commons was dissolved last summer to kick off the federal election, the ruling Conservatives passed the Digital Privacy Act, which creates new offences for failing to report data security breaches. However, nation-wide mandatory breach notification would not actually take effect unless the government develops regulations, and it is not…
OR: Companies and state agencies must notify state of breaches affecting more than 250 Oregonians
KTVZ reminds everyone that Oregon’s new law has gone into effect whereby businesses and state agencies must notify the Oregon Attorney General of breaches affecting the personal information of at least 250 Oregonians. The new law defines protected data to include any medical, health insurance or biometric information as well as Social Security numbers, government ID numbers or…