David E. Sanger and John Markoff report: Almost two years after outlining a broad strategy intended to strengthen the security of the nation’s computers and networks, the Obama administration said Thursday that it was sending proposed legislation to Congress that would strengthen penalties for any invasion of private computer systems. But the White House, in…
Category: Federal
President’s cybersecurity agenda includes proposed federal data breach notification law
To cut to the chase: you can read the language of the proposed data breach notification law here. Sadly, the proposed language allows entities NOT to notify affected individuals if they conduct a risk assessment and determine that there is no risk to those whose data were breached. Other problems I see on a first…
NZ: Row brewing over privacy ‘crime’
Claire Rogers reports: A row is brewing over whether businesses should face criminal sanctions and fines if they fail to notify people of data breaches. The privacy commissioner is calling for notification of data breaches to be mandatory and for concealment to be made a crime. But Business New Zealand says criminal penalties would be…
Ca: Clement backs fines for data leaks
Sarah Schmidt reports: Industry Minister Tony Clement said Friday he’s open to the idea proposed by Canada’s privacy watchdog to give her the power to slap corporations with huge fines if they don’t protect the personal information of their customers. “I have not closed the door to it, but there would have to be additional…
Ca: Fines needed to help stem growing data breaches, Privacy Commissioner says
From the Office of the Privacy Commissioner of Canada: STRATFORD, Ontario, May 4, 2011 – An alarming trend of ever-bigger data breaches is prompting Privacy Commissioner Jennifer Stoddart to call for substantial fines against major corporations that fail to adequately protect Canadians’ personal information from preventable breaches. “I am deeply troubled by the large number…
Ninth Circuit Holds That Violating Any Employer Restriction on Computer Use “Exceeds Authorized Access” (Making It a Federal Crime)
Orin Kerr writes: I had though the world was safe from the nuttiness of the Justice Department’s broad theories of the Computer Fraud and Abuse Act in the Lori Drew case. Not so. Readers may recall I once blogged about a similar case, United States v. Nosal, that raised similar issues in the context of an employee…