Ben DiPietro reports: Laws on sharing and disclosure of data and personal information differ widely among countries, greatly complicating the compliance challenges of companies operating internationally. Read more on the Wall Street Journal. As DiPietro reports, these differing laws also affect – and may impede – forensic analysis of breaches in different ways.
Category: Breach Laws
This hacker might seem shady, but throwing him in jail is bad for everyone
Timothy B. Lee writes: On Friday, the U.S. government filed its brief in the appeal of Andrew “Weev” Auernheimer, who was convicted of federal hacking charges for downloading hundreds of thousands of customer e-mail addresses from AT&T’s Web site. The government says the conviction was proper, but many security researchers and civil liberties advocates argue that the…
Mandatory Data Breach Notice Bill Stalls As Canadian Parliament Session Closed
Peter Menyasz reports: The Canadian government’s Sept. 13 decision to end the Parliament’s legislative session has at least temporarily blocked passage of proposed amendments (Bill C-12) to Canada’s framework federal privacy law that would have introduced a limited mandatory data breach notification requirement. A new parliamentary session is scheduled to start Oct. 16, and the…
North Dakota amends breach notification law to include medical information
V. John Ella writes: North Dakota has amended its data breach notification law to include “medical information” and “health insurance information.” See N.D. Century Code, Section 51-30-01. Amendments to the law also provide an exemption for HIPAA covered entities, business associates, or subcontractors so long as they are in compliance with breach notification requirements under title 45, Code…
New EU rules: Telco only SOMETIMES has to tell you it spaffed your data
The Register has an article from Out-Law.com that begins: New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU’s Regulation on the notification of personal data breaches (7-page/756KB PDF) applies…
Austria: Under pressure: data breach notification must be made within 24 hours
Günther Leissler and Veronika Wolfbauer explain: The European regulatory framework on electronic communications obliges providers of public electronic communications services to notify personal data breaches to their national authorities.(1) However, the European Commission recently found a lack of harmonisation among member states in this respect, and exercised its power to issue technical implementing measures on the…