Out-Law.com reports: Businesses should only have to report that they have experienced a personal data breach in cases where it is likely that individuals’ rights and freedoms have been “severely affected” by such a breach, EU Ministers have proposed. The Working Party on Information Exchange and Data Protection (DAPIX), set up within the structure’s of…
Category: Breach Laws
SEC and CFTC jointly adopt identity theft red flags rules applicable to investment advisers and others
Catherine M. Anderson and Gabrielle A. Bernstein of Foley Hoag LLP write: On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly adopted identity theft red flags rules (the Rules) and corresponding guidelines requiring certain SEC and CFTC-regulated entities to implement identity theft prevention programs. The Rules…
Australian government brings on mandatory data breach notification
Josh Taylor reports: After close to five years of work, the Australian government will introduce mandatory data breach notification legislation into parliament, but the laws would be unlikely to take effect until sometime next year if they make it through parliament before the September 14 federal election. Read more on ZDNet.
Distress must be directly linked to data breach for consumers to claim compensation, rules Court of Appeal
From Out-Law.com: In a recently published judgment, the Court said that the Data Protection Act (DPA) does not oblige businesses to pay individuals compensation for distress that causes damage where the distress caused is not attributable to a breach of the Act. Under section 13 of the DPA a person is generally entitled to compensation…
California Senate passes amendment to breach law to incorporate access to online accounts
California continues to lead the way in protecting consumers whose data have been breached. By a vote of 37-0-1 last week, the Senate passed S.B. 46, a bill introduced by Senator Ellen Corbett. The bill amends existing law to expand required notification to situations involving access to an online account. The law would still incorporate…
New guidance on data breaches in Belgium
I’ve been looking for an English language report on the new breach guidelines in Belgium and finally found one. Cédrine Morlière and Ludo Deklerck of Bird & Bird write: When the data breach results in a “public incident” (when a data breach results in a public leakage of private data), according to the guidance, the…