Brendon Tavelli writes: On August 22, Illinois Governor Pat Quinn signed House Bill 3025 into law. In doing so, he aligned Illinois with a small group of states responding to increased concern about privacy and information security by retooling their existing information security breach notification frameworks. HB3025, in particular, amends the state’s breach notification law to specify…
Category: Legislation
Blumenthal Announces Legislation on Data Privacy
Senator Richard Blumenthal held a roundtable discussion yesterday with data breach experts and community leaders at the Information Technology Center at the University of Connecticut Greater Hartford campus to discuss legislation he will introduce in the coming weeks that will take a multi-pronged approach to combating the risks associated with data breaches for both consumers…
AU: Hacked firms could be held responsible for privacy breaches
Chris Merritt reports: The federal government is considering changing the law so corporate victims of criminal computer hacking can be sued over privacy breaches. This change formed part of discussions on Monday between Privacy Minister Brendan O’Connor and a lobby group that wants to subject companies and journalists to criminal penalties for privacy breaches. The…
Data-Breach Disclosures May Decline 50% Under Proposed Bills
Corporate disclosures of data breaches involving U.S. consumers’ personal information may fall by 50 percent under legislation before Congress. House and Senate lawmakers have introduced at least five data-security bills this year requiring businesses to notify customers of intrusions if there is a “reasonable risk” that personal data including credit-card and Social Security numbers may…
Shortened Breach Disclosure Periods Could Hurt Consumers
Ericka Chickowski writes: As the SAFE Data Act data breach law made its way to the House Energy and Commerce Committee after passing through the Subcommittee on Commerce, Manufacturing and Trade last week, security experts are wondering at the wisdom of a national data breach law that requires notification within 48 hours of a breach’s…
UK: ICO calls for prison sentences for use of stolen data
Warwick Ashford reports: The UK should introduce prison sentences for using stolen personal data, says Information Commissioner Christopher Graham. He is calling for an effective deterrent to the “routine trashing of individuals’ rights” under the Data Protection Act, according to according to Bloomberg. The Information Commissioner’s Office (ICO) proposed a two-year prison term in 2006 after investigating the sale of stolen…