Rohan Pearce reports: Australia is a step closer to having a mandatory data breach notification regime, after a bill to create such a scheme today received bipartisan support in the House of Representatives. The government introduced the Privacy Amendment (Notifiable Data Breaches) Bill 2016 in October. The bill has yet to be introduced in the Senate. Under the…
United Arab Emirates: Cyber Security And Data Protection Breaches: A Brief Comparative Review
Simon Isgar and Bernadette Pinto of Kennedys write, in part: The Saudi Aramco attack of 2012 has been described as the first ‘hackavist-style’ assault to use malware. The attack managed to destroy 30,000 computers within the Aramco network, which were believed by security researchers to have been infected with the Shamoon malware. The consequences faced by…
Arming Employers Against Internal Hackers, the 11th Circuit Clarifies CFAA’s “Loss” Requirement
Carol Montgomery of Butler Snow LLP writes: The Eleventh Circuit ruled last week in a wrongful discharge turned Computer Fraud and Abuse Act (“CFAA”) case, spinning the employee’s case against his employer on its head. The facts of Brown Jordan International, Inc. v. Carmicle stemmed from the employment of Christopher Carmicle by Brown Jordan, a furniture manufacturer….
PII Training Required for Government Contractors, Effective Jan. 19
Christian B. Nagel, Todd R. Steggerda, Ronald L. Fouse, David G. Dargatis, and Edwin O. Childs of McGuireWoods LLP write: Beginning January 19, federal government contracts will contain additional training requirements for contractors who deal with personally identifiable information (PII) or with a system of records. Affected contractors must provide privacy training to their employees,…
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
EBA’s Proposed Guidelines Call for 2-Hour Notice of Data Breach
From PayBefore: The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches. Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than…