Stewart Room writes: If you’ve been keeping a close eye on developments at the Information Commissioner’s Office, then you will have detected a very clear trend when it comes to regulatory enforcement action. Basically, ICO has abandoned the monetary penalty and other statutory enforcement mechanisms, for “undertakings”. Read more on Stewart Room. I’m glad for…
Category: Commentaries and Analyses
Study finds many turn to lawsuits following a data breach
Dan Kaplan reports: More than half of American consumers would sue a company that loses its personal information, according to a survey released Wednesday by IT firm Unisys. The twice-a-year Unisys Security Index, which polled 1,000 Americans on information security concerns, found that 53 percent would take legal action in the event of a data…
What does the Unisys Security Index really tell us about consumer responses to a data breach?
I’m going to post a press release from Unisys with a warning: never confuse what consumers say they will do with what they actually do. I’ll meet you on the other side of the release: Americans will go to great lengths to avoid identity theft, and many say they would take legal action against government…
Only 56 breach notifications in a year suggests “voluntary” doesn’t work well
Voluntary breach reporting doesn’t seem to be working too well in Australia. Michael Lee of ZDNet in Australia, reporting on a new annual report by the Office of the Australian Information Commissioner, notes: The OAIC also received, separately, 56 voluntary data breach notifications, representing a 21 per cent increase from the previous financial year. Somehow…
Would a federal data breach law really be too costly for the private sector?
Are you curious about the cost of a data breach notification law? Here’s the analysis of S. 1151, the Personal Data Privacy and Security Act of 2011, proposed by Senator Leahy. It appears that the biggest added cost to the private sector would be on improving security and not from breach notification since 46 states already…
In Hannaford Data Breach Case, First Circuit Says Card Replacement and ID Theft Insurance are Reasonable Mitigation Damages and Compensable–Anderson v. Hannaford Bros.
I’ve been reading a number of analyses and commentaries on the First Circuit’s ruling in the Hannaford Bros data breach case. While some people have described the ruling as a “potential game-changer,” Venkat Balasubramani provides a less optimistic analysis of what the decision may portend. As a recap, most of the plaintiffs’ claims have been…