John Kennedy reports: Ireland’s Data Protection Commissioner has unveiled a new draft Code of Practice that sets out the reporting obligations of organisations in the event of a security breach and how they go about protecting private data. The draft Code of Practice has been placed on the website of the Office of the Data…
Category: Breach Laws
FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule
Now you can all applaud me on my wisdom in not posting all those reminders I’ve seen elsewhere about the “Red Flags” Rule going into effect on June 1…. because it’s not. From the FTC: At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags”…
Firms not required to inform victims of privacy breach under new rules
Sarah Schmidt reports: Companies can decide whether to tell their customers when they lose their personal information or hackers steal it, according to legislation tabled Tuesday by the Conservative government. The proposed amendments to Canada’s private sector privacy law will require banks, retailers and other companies to inform Canada’s privacy watchdog if they’ve experienced a…
FAQ on Alberta’s New Breach Notice Law
David Navetta writes: Earlier this month (May 1, 2010), Alberta became the first Canadian province to pass a broad breach notice law (“Bill 54”) as part of their comprehensive data privacy statute, the Personal Information Protection Act (“the Act”; technically, Alberta is the second province to pass a breach notice law in Canada, Ontario previously…
Russia Considers Improving its Data Protection Law
The Russian Federation is considering amending the country’s data protection law, according to BNA’s Privacy Law Watch. Businesses have long complained that the law contains restrictions on data processing that are extremely difficult to meet. For example, the law requires affirmative written consent for most types of data processing. In the online context, this provision…
Ie: ‘Reckless’ data breaches should be prosecuted
Steven Carroll reports: Data protection controllers should face sanctions for deliberate or reckless breaches of information protection law, a Government appointed review group has concluded. The obligations of controllers to report security breaches should be set out in a statutory code of practice, which would outline when disclosure of data breaches is mandatory, and failure…