Hunton & Williams write: On January 1, 2016, a Dutch law became effective that (1) includes a general obligation for data controllers to notify the Data Protection Authority (“DPA”) of data security breaches, and (2) authorizes the DPA to impose direct fines for violations of the Data Protection Act. Read more on Hunton & Williams Privacy & Information…
Category: Breach Laws
Netherlands: data breach notification duties in effect January 2016
Wouter Seinen of Baker & McKenzie writes: Effective 2016, Netherlands’ businesses must notify the Dutch data protection authority (“DPA”) and sometimes individuals if they suffer certain data breaches that involve personal data under their control. Companies will have to take this seriously, as failure to notify may lead to fines up to €500,000 (or potentially…
A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions
David Fagan, Ashden Fein and David Bender write: As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754). If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities. CISA must…
2015 Data Breach Legislation Six Month Review: Many Proposals, Few Changes
Bryan Thompson and Sean B. Hoar of Davis Wright Tremaine LLP provide a status on action – and much inaction on bills at the federal and state level: Congress has moved at a glacial pace in considering data security legislation this year, even as the fallout over major data breaches, including the OPM breach, turned…
National Association of Attorneys General: Federal Data Breach Legislation Should Not Preempt States
The National Association of Attorneys General (NAAG) sent a letter today to congressional leaders urging them to ensure that federal data breach legislation preserves states’ ability to enforce state laws in order to protect consumers from data breaches and identity theft. Most of the federal bills related to data security and data breach notification pending…
New Hampshire Enacts Breach Notification Requirement for the Department of Education
Scott Koller explains: The state of New Hampshire recently enacted House Bill 322 (“HB 322”), which requires the Department of Education (“DOE”) to implement additional procedures to protect student and teacher data from security breaches. Those procedures now include a breach notification requirement. Effective August 11, 2015, the DOE must develop a detailed security plan…