Telecompaper reports: The Dutch government has proposed legislation tightening rules for disclosing breaches of personal data. The proposal sent to parliament by the justice ministry would require any breach of personal data, whether by public or private organisations, to be disclosed both to the privacy regulator CBp and to the person whose data was compromised….
Category: Breach Laws
Senator Toomey reintroduces bill to preempt state data breach notification laws
John Eggerton reports that Senator Pat Toomey (R-PA) has introduced the “Data Security and Breach Notification Act of 2013” (S. 1193). Although the bill’s text is not yet available online, it’s reportedly the same bill he introduced last year: In the event of data breaches, “the bill would direct companies possessing personal data to notify…
Data breach notification rules should only apply where individuals are ‘severely affected’, say EU Ministers
Out-Law.com reports: Businesses should only have to report that they have experienced a personal data breach in cases where it is likely that individuals’ rights and freedoms have been “severely affected” by such a breach, EU Ministers have proposed. The Working Party on Information Exchange and Data Protection (DAPIX), set up within the structure’s of…
SEC and CFTC jointly adopt identity theft red flags rules applicable to investment advisers and others
Catherine M. Anderson and Gabrielle A. Bernstein of Foley Hoag LLP write: On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly adopted identity theft red flags rules (the Rules) and corresponding guidelines requiring certain SEC and CFTC-regulated entities to implement identity theft prevention programs. The Rules…
Australian government brings on mandatory data breach notification
Josh Taylor reports: After close to five years of work, the Australian government will introduce mandatory data breach notification legislation into parliament, but the laws would be unlikely to take effect until sometime next year if they make it through parliament before the September 14 federal election. Read more on ZDNet.
Distress must be directly linked to data breach for consumers to claim compensation, rules Court of Appeal
From Out-Law.com: In a recently published judgment, the Court said that the Data Protection Act (DPA) does not oblige businesses to pay individuals compensation for distress that causes damage where the distress caused is not attributable to a breach of the Act. Under section 13 of the DPA a person is generally entitled to compensation…