On March 2, 2011, the German Federal government adopted a draft law revising certain sector-specific data protection provisions in the German Telecommunications Act. The draft law addresses the implementation of data breach notification requirements in the European e-Privacy Directive by introducing a breach notification obligation for telecommunications companies. According to the proposal, telecommunications companies must…
Category: Breach Laws
A Novel Data Security Law Proposed in Colorado
David Navetta discusses a proposed law in Colorado, HB 11-1225: Regulation is achieved via the “carrot” or the “stick” (and sometimes both). This is true in the information security context as well. For example, to incentivize encryption of personal information, breach notice laws use a stick: those that fail to encrypt may have to provide…
Recommended: Evaluating Data Breach Disclosure Laws
Sasha Romanosky writes: I imagine most of you have received one or more letters from companies informing you that they lost your personal information. If so, what, if anything, did you do about it? Did you check your credit history?; close a financial account?; something else?; or nothing at all? If you did act, you…
Costa Rica: Computer Fraud Bill Passed
InsideCostaRica reports: Legislators approved the bill that establishes penalties for computer fraud. Among the sanctions are a violation of personal data and sets the penalty of 3 to 6 years in prison. In addition, it provides a penalty of 4 to 8 years in prison for extortion. Computer fraud case of espionage, computer sabotage and…
AU: Data breach laws won’t help: Verizon
Darren Pauli reports: A top information forensic specialist has said that mandatory data breach legislation will not reduce the number of data breaches, despite industry calls for such laws to be introduced. Industry figures have been asking for such legislation since the government looked into the issue as part of a national overhaul of privacy…
Data Breach Investigation | Due Process of Law
The following is cross-posted from PHIprivacy.net: In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part: The California Legislature made clear it wants notices to be issued quickly. However,…