Tom Brewster reports: Organisations have considered using a “loophole” to avoid data breach fines – by asking the privacy regulator, the Information Commissioner’s Office (ICO), to audit them when they already know personal data has been lost or stolen. The UK privacy watchdog has promised not to fine any company for breaches of the Data Protection Act if…
Category: Breach Laws
Texas Data Breach Amendment Takes Effect; Connecticut On Deck
Steve Satterfield writes: This week, the much talked-about amendments to Texas’s breach notice statute took effect. We previously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted). The statute makes…
Will the High Court Resolve ‘Without Authorization’ Under the CFAA?
Nick Akerman has an article in the upcoming issue of The National Law Journal that begins: On July 26, the U.S. Court of Appeals for the Fourth Circuit became the first circuit to adopt the Ninth Circuit’s holding in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012), that the Computer Fraud and Abuse Act does…
Sen. Toomey Introduces Data Security Bill
U.S. Senator Pat Toomey (R-Pa.) introduced a bill Thursday to create a national standard requiring companies to protect and secure consumers’ electronic data. Companies must currently comply with 46 different state laws in the event of a data breach. Sen. Toomey’s bill would preempt these laws and replace them with a single national standard, providing…
Does a Data Breach in the U.S. Require Notification in Europe?
Paul Van den Buick writes: The European legal framework on the protection of personal data (Directive 95/46/EC) is acknowledged as one of the strictest in the world. This tendency seems to be confirmed by the new draft regulation on the protection of personal data revealed by the European Commission in January 2012, which, once adopted,…
AU: OAIC updates data breach guidelines
Hamish Barwick reports: The Office of the Australian Information Commission (OAIC) has updated its voluntary data breach guidelines as a means of encouraging organisations to notify the public in the advent of a data breach. The new guidelines, entitled Data breach notification, update the August 2008 Guide to handling personal information security breaches. Information Commissioner, John McMillian,…