Update and Correction: One of the statements in the following press release seems inaccurate. Please see this post as to the discrepancy between the press release and the bill. An Assembly panel on Thursday approved legislation sponsored by Assembly Democrats Troy Singleton, Ralph Caputo, Mila Jasey, Joseph Lagana and Annette Quijano to ensure that consumers are…
Category: Breach Laws
Computer Fraud and Abuse Act No Help to Employer Suing Employee Who Took Proprietary Business Info
Michelle Hackim writes: An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro Image Consultants…
Businesses should not need to publicize personal data breaches if data is encrypted, say EU ministers
Out-Law.com reports: Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers backed the plans as part of a wider partial agreement reached last week on…
The growing problem of identity theft and mandatory breach notification
Éloïse Gratton writes: Last spring I was invited to testify and present with Dr. Avner Levin before the Standing Committee on Access to Information, Privacy and Ethics, House of Commons, in the context of their study conducted on the “Growing Problem of Identity Theft and its Economic Impact“. I discussed why there are no real incentives for Canadian businesses…
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
California strengthens breach notification and mitigation requirements (update 1)
The wait is over. Governor Jerry Brown signed AB1710 into law yesterday. The law not only requires “reasonable security procedures and practices appropriate to the nature of the [personal] information” a business owns, licenses, or maintains, but it also requires identity theft protection and mitigation services under some conditions. If notification of a breach is required,…