Reuters reports: Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks. […] Dreyfus, in an official statement issued on Saturday, said the government would next week move to “significantly increase penalties for repeated or serious privacy…
Category: Legislation
New York Department of Financial Services settles charges against EyeMed with a $4.5 million penalty and remedial cybersecurity plan
In January 2022, DataBreaches reported that New York announced a $600,000 agreement with EyeMed that resolved a 2020 phishing incident that compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York. But that was not the end of enforcement action and monetary penalties for EyeMed. Now the state’s Department of…
A Data Breach Is Bad, But Disclosing Too Much Could be Worse
Adam Stone reports: When state and local IT systems get breached, there’s a balancing act to be struck. How much can and should the public be told? Some advocates of transparency and accountability say anything that happens in the public realm ought to be public knowledge. On the opposite extreme, some IT leaders worry that…
Landmark U.S.-UK Data Access Agreement Enters into Force
The Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime (“Data Access Agreement” or “Agreement”) entered into force today. The Agreement is authorized by the Clarifying Lawful Overseas Use…
CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act
Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022…
Watchdog calls for mandatory data breach notification laws in Victoria
Joseph Brookes reports: Victoria’s privacy watchdog has called for data breach notification laws in the state after a government department failed to tell people their data had been exposed in a serious breach by a man convicted of sexually assaulting a child. The former case worker, Alexander Jones, is currently serving a six-year prison sentence for…