David Braue writes: Notification of data breaches should be one of the four key steps organisations undertake in response to any detected breach, new guidelines from the Office of the Australian Information Commissioner (OAIC) recommend. The new guidelines – recently published in the OAIC’s Data Breach Notification Guide – are designed to help companies comply with the…
Category: Breach Laws
Data breach response bill headed to California governor’s desk
AP reports that the California state assembly has passed AB1710, and it now goes to the governor’s desk. But will he sign it? AB1710 requires businesses to provide free credit monitoring services for one year after Social Security and drivers’ license numbers are exposed. It also prohibits the sale of Social Security numbers except when…
The FTC’s Controversial Battle To Force Companies To Protect Your Data
Kashmir Hill writes: Hacker conference Defcon has a long tradition of playing “spot the fed,” a game that involves outing government types who attend under the radar to learn about the latest hacking tricks and those who are expert at developing them. There was little challenge in the game this August when it came to…
Delaware Adopts Law Requiring the Destruction of Consumers’ Personally Identifiable Information.
Steven Caponi and Elizabeth Sloan of Blank Rome LLP write: On July 1, 2014, Delaware Governor Jack Markell signed into law Delaware House Bill 295, which amends Section 6 of the Delaware Code relating to trade and commerce. The new law, 6 Delaware Code §§50C-101 thru 50C-401, places new obligations on commercial entities with respect…
Extending Cybersecurity Breach Notice Requirements to Intelligence Community Contractors
David Fagan, Susan Cassidy, and Catlin Meade write: As an indicator of the continuing focus of government authorities on cybersecurity breaches and potential notification requirements, certain contractors for the federal government may soon face new rapid reporting requirements for successful network penetrations. Specifically, President Obama signed the 2014 Intelligence Authorization Act (“2014 IAA”) into law on July…
Mandatory data breach laws back on Australian agenda
Richard Chirgwin reports: Australia’s on-again, off-again debate about data breach notification laws is on again, courtesy of a report into financial system regulation, at least until the government cans the idea (again). Register readers will recall that a Privacy Alerts bill was proposed by the previous government before the 2013 election, then delayed, re-introduced in March, and abandoned in…