Nathan D. Taylor writes: Last year, Vermont amended its security breach notification law to join the growing list of states that require notice to the state attorney general or other state regulator regarding security breaches. Unlike other states, Vermont offered businesses two options with respect to how and when notice must be provided to the…
Category: Breach Laws
EU proposes new cybercrime reporting rules
BBC reports: Over 40,000 firms, including energy providers, banks and hospitals could be required to report cyber-break-ins under new rules proposed by the EU. It is part of a move to intensify global efforts to fight cybercrime. Digital agenda commissioner Neelie Kroes said that Europe needed to improve how it dealt with cybersecurity. But firms…
EU ministers to consider ‘two-strikes’ rule for data breaches
Jennifer Baker reports: European Union justice ministers will consider a “two-strikes” rule for data breaches. The Irish Presidency of the European Council published a paper on the protection of citizens’ personal data that will be discussed at Justice and Home Affairs Council in Dublin on January 17 and 18. The paper asks European justice ministers…
UK Businesses Consider Abusing ICO Data Breach Fine ‘Loophole’
Tom Brewster reports: Organisations have considered using a “loophole” to avoid data breach fines – by asking the privacy regulator, the Information Commissioner’s Office (ICO), to audit them when they already know personal data has been lost or stolen. The UK privacy watchdog has promised not to fine any company for breaches of the Data Protection Act if…
Texas Data Breach Amendment Takes Effect; Connecticut On Deck
Steve Satterfield writes: This week, the much talked-about amendments to Texas’s breach notice statute took effect. Wepreviously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted). The statute makes…
Will the High Court Resolve ‘Without Authorization’ Under the CFAA?
Nick Akerman has an article in the upcoming issue of The National Law Journal that begins: On July 26, the U.S. Court of Appeals for the Fourth Circuit became the first circuit to adopt the Ninth Circuit’s holding in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012), that the Computer Fraud and Abuse Act does…