Alana Maurushat of University of New South Wales has published a review and comparison that is available online at bepress.com in pdf format. The abstract: Data breach notification and disclosure laws are emerging around the globe. The following article and table examine the specifics of data breach notification frameworks in multiple jurisdictions. Over the year…
Category: Commentaries and Analyses
FTC Publishes Proposed Breach Notification Rule for Electronic Health Information
From the FTC: The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to…
Pointer: Visa Suspends Heartland: A Little Revisionist History?
Over on StorefrontBacktalk, Evan Schuman has some sharp and thought-provoking commentary on Visa’s suspension of Heartland’s and RBS’s approved status and assertions that “no compromised entity has been found to be [PCI] compliant at the time of the breach.”
Pointer: State Laws Require Secure Personal Data
Nick Akerman and Melissa J. Krasnow have an article in The National Law Journal: Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores…
More on whether breach notification laws work
George Hulme of Information Week also responded to Kim Zettner’s article in Threat Level about a recent seminar on whether data breach notification laws are working. He raises some points about the value of such laws and similar to what I said here yesterday, notes “Helping consumers avoid identity theft and fraudulent transactions is only…
Experts Debate the Value of Breach Notification Laws
Kim Zettner of Threat Level discusses the different views expressed at a seminar last week on whether data breach notification laws do any good. As expected, the upshot was “we don’t know” because there are not enough data, surveys may not be reliable indicators, etc. Of course, there is another way to frame the issue…