Now you can all applaud me on my wisdom in not posting all those reminders I’ve seen elsewhere about the “Red Flags” Rule going into effect on June 1…. because it’s not. From the FTC: At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags”…
Category: Breach Laws
Firms not required to inform victims of privacy breach under new rules
Sarah Schmidt reports: Companies can decide whether to tell their customers when they lose their personal information or hackers steal it, according to legislation tabled Tuesday by the Conservative government. The proposed amendments to Canada’s private sector privacy law will require banks, retailers and other companies to inform Canada’s privacy watchdog if they’ve experienced a…
FAQ on Alberta’s New Breach Notice Law
David Navetta writes: Earlier this month (May 1, 2010), Alberta became the first Canadian province to pass a broad breach notice law (“Bill 54”) as part of their comprehensive data privacy statute, the Personal Information Protection Act (“the Act”; technically, Alberta is the second province to pass a breach notice law in Canada, Ontario previously…
Russia Considers Improving its Data Protection Law
The Russian Federation is considering amending the country’s data protection law, according to BNA’s Privacy Law Watch. Businesses have long complained that the law contains restrictions on data processing that are extremely difficult to meet. For example, the law requires affirmative written consent for most types of data processing. In the online context, this provision…
Ie: ‘Reckless’ data breaches should be prosecuted
Steven Carroll reports: Data protection controllers should face sanctions for deliberate or reckless breaches of information protection law, a Government appointed review group has concluded. The obligations of controllers to report security breaches should be set out in a statutory code of practice, which would outline when disclosure of data breaches is mandatory, and failure…
Application of New Massachusetts Data Security Regulations to Out-of-State Businesses
Amy Crafts writes: Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be…