David Navetta writes: The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information. […] “Breach of the security of the system” means unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security, confidentiality, or integrity of medical information maintained by an individual or…
Category: Legislation
Malaysian Personal Data Protection Bill passed
The Personal Data Protection Bill 2009 was passed by the Dewan Rakyat today without any “fireworks” as had been expected. Debate on it lasted less than three hours and was mainly focused on several issues, specifically credit reference agencies, in particular Credit Tip Off Sdn Bhd (CTOS), the time frame of data protection and the…
Federal Information Security and Data Breach Notification Laws
From Congressional Research Service: Federal Information Security and Data Breach Notification Laws Gina Stevens Legislative Attorney January 28, 2010 The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health…
Addition to Washington Breach Law Imposes Retailer Liability in Payment Card Breaches
Under a Washington law effective July 1, 2010, certain entities involved in payment card transactions may be liable to financial institutions for costs associated with reissuing payment cards after security breaches. Designed to encourage the reissuance of payment cards as a means of mitigating harm caused by security breaches, Washington H.B. 1149 applies to three…
Shock, confusion after birth certificates voided
Suzanne Gamboa reports: Native Puerto Ricans living outside the island territory are reacting with surprise and confusion after learning their birth certificates will become no good this summer. A law enacted by Puerto Rico in December mainly to combat identity theft invalidates as of July 1 all previously issued Puerto Rican birth certificates. That means…
UK: Tough new sanctions proposed for breaches of data protection law
The Ministry of Justice is running two consultation exercises in tandem concerning proposals to amend the Data Protection Act. The first proposal is to introduce custodial sentences of up to two years for data protection offences; the second proposal is to introduce new civil penalties, with an upper limit fine of £0.5m, for serious breaches…