Neil Ford writes: The slow, stately progress of European data protection law continues: last month in Luxembourg, ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers reached partial agreement on reforms to the General Data Protection Regulation (GDPR). (The GDPR, you’ll remember, will replace the EU Data Protection Directive with a…
Category: Breach Laws
Data breach disclosure law could bring fines in Canada
Jennifer Brown reports: Fines are an established punishment for data breaches south of the border and they could soon be coming to Canada. […] Bill S-4, the digital privacy act, introduced earlier this year in the Senate, would amend the Personal Information and Electronic Documents Act. It was introduced in April and is now before…
New Jersey bill, AB 3146, may not require what the Democrats claim it requires
Yesterday, I posted a press release from the NJ Assembly Democrats about AB 3146, a bill that would expand the definition of “personal information” that might require breach disclosure to consumers. While AB 3146 does expand the duty to notify consumers of a breach to include “user names and email addresses, in combination with any password…
NJ: Bill to Expand Security Breach Notifications Clears First Legislative Hurdle (updated)
Update and Correction: One of the statements in the following press release seems inaccurate. Please see this post as to the discrepancy between the press release and the bill. An Assembly panel on Thursday approved legislation sponsored by Assembly Democrats Troy Singleton, Ralph Caputo, Mila Jasey, Joseph Lagana and Annette Quijano to ensure that consumers are…
Computer Fraud and Abuse Act No Help to Employer Suing Employee Who Took Proprietary Business Info
Michelle Hackim writes: An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro Image Consultants…
Businesses should not need to publicize personal data breaches if data is encrypted, say EU ministers
Out-Law.com reports: Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers backed the plans as part of a wider partial agreement reached last week on…