The Personal Data Protection Bill 2009 was passed by the Dewan Rakyat today without any “fireworks” as had been expected. Debate on it lasted less than three hours and was mainly focused on several issues, specifically credit reference agencies, in particular Credit Tip Off Sdn Bhd (CTOS), the time frame of data protection and the…
Category: Breach Laws
Informing victims of identity theft (Resource)
M. E. Kabay reviews a resource previously mentioned on this site: Until recently, information assurance (IA) personnel and attorneys specializing in this area of the law have had to search for the appropriate governing laws for each jurisdiction. In this column, I review a valuable resource for locating the laws that apply to disclosure of…
TX: Man gets 35-year sentence in ID theft
Jessica Langdon reports: A 31-year-old man faces a 35-year prison sentence in a case involving identity theft, a crime a prosecutor told the judge is one of the most destructive and personal crimes. Jurors in 30th District Court found David Lee Fairchild guilty in November of fraudulently possessing 10 pieces of others peoples’ identifying information….
AU: ALRC renews data loss financial penalty call
Christina Zhou reports: The Australian Law Reform Commission (ALRC) has renewed its call for fines for failing to notify the privacy commissioner of data breaches after the UK introduced penalties of up to half a million pounds. The ALRC initially made the call in its report: For Your Information: Australian Privacy Law and Practice released…
New Chinese Tort Liability Law Contains Provisions Affecting Personal Data
Hunton & Williams provide more details on the newly passed Chinese tort law: Certain of its provisions relate, expressly or in a general sense, to personal information. These provisions can cause data users to incur liability to data subjects for the mishandling of personal information. In particular: The law (at Articles 2 and 6) states…
UK: Data breaches to incur up to £500,000 penalty
New powers, designed to deter personal data security breaches, are expected to come into force on 6 April 2010. The Information Commissioner’s Office (ICO) will be able to order organizations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act. The ICO has produced statutory guidance about how it…