I’m first working my way through the provisions in the stimulus bill that relate to breaches and notifications. One of the recommendations that I and other privacy advocates had made was central notification and disclosure on a publicly available web site. They heard us. Here’s part of the new law: (3) NOTICE TO SECRETARY- Notice…
Category: Breach Laws
Massachusetts extends deadline on data security rules again
Jaikumar Vijayan reports: For the second time in three months, Massachusetts officials have pushed back the deadline for companies to comply with a controversial set of data security regulations that the state announced last September. In addition to the deadline extension, which was announced late Thursday , the state’s Office of Consumer Affairs and Business…
PA: Legislation aims at data breach notification
Alex Rose: State Sen. Dominic Pileggi, R-9, of Chester, recently re-introduced legislation that would require state agencies to notify the public about data breaches involving personal information within one week. Current state law only allows for notification “without unreasonable delay.” Pileggi, the Senate majority leader, introduced similar legislation last year. That bill passed the Senate…
Washington state CUs introduce data breach bill
In the wake of the Heartland Payment Systems data breach announced last week, Washington state’s credit unions once again have introduced legislation to encourage financial institutions to take “extraordinary proactive steps” to protect consumers from identity theft and financial fraud after a breach. Receiving its first hearing before the Full House Financial Institutions and Insurance…
Comments on Senator Feinstein’s bill, S. 139
Earlier this week, Senator Feinstein grabbed the privacy headlines when she reintroduced the same breach notification bill that she has introduced in every session of Congress for the past few years. Like me, the bill has not improved with age. S.139 is intended to provide a national “floor” on data breach notifications for breaches involving…
UK: BSI proposes new data protection standard
Phil Muncaster reports: Standards body BSI British Standards has invited the public to submit their comments on a new draft standard designed to help firms comply with the Data Protection Act. The DPC BS 10012, which was devised by a group of experts from academia, government and industry, applies to any organisation which holds the…