From the Office of the Privacy Commissioner of Alberta: Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where…
Category: Legislation
Court Delays Red Flags Rule for AICPA Members
A district court has granted a delay in the enforcement of the Federal Trade Commission’s Red Flags Rule governing identity theft prevention for members of the American Institute of CPAs in public practice. The Red Flags Rule is part of the Fair and Accurate Credit Transactions Act, which Congress passed in 2003. The rule requires…
Debit card protection bill advances in New Jersey
The Associated Press reports: Consumers who use their debit cards to make purchases at New Jersey businesses could soon see new protections aimed at thwarting identity theft. The state Senate Commerce Committee recently endorsed a measure that would require merchants to truncate debit card account numbers and expiration dates on all sales receipts, including copies…
California Senate again OKs breach notification law update
Dan Kaplan reports: The California Senate has approved a bill that would update the state’s pioneering data breach notification law, the lawmaker who introduced the legislation announced Friday. The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold…
Last State Without a Breach Notice Law? Not Mississippi
Tanya Forsheit reports: Yesterday, Mississippi Governor Haley Barbour approved Mississippi’s first breach notification law, House Bill 583, leaving only four states without a notification law (Alabama, Kentucky, New Mexico, and South Dakota). Read more on InformationLawGroup. The law goes into effect July 1, 2011.
Virginia Adds Medical Information Breach Notice Law
David Navetta writes: The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information. […] “Breach of the security of the system” means unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security, confidentiality, or integrity of medical information maintained by an individual or…