TJ McIntyre writes on IT Law in Ireland: The Data Protection Review Group has now published a consultation paper (pdf) on reforming Irish law on notification of data breaches. Pages 33-38 on possible regulatory options are particularly useful, though the group is clearly hampered by the fact that any national reforms might soon be out…
Category: Legislation
Knowing or reckless misuse of personal data – introducing custodial sentences
From the UK Ministry of Justice: Reference Number : CP22/09 Status: Open Open date: 15 October 2009 Close date: 07 January 2010 A consultation on exercising the power to provide for custodial sanctions for those found guilty of knowingly or recklessly obtaining, disclosing, selling or procuring the disclosure of personal data without the consent of…
Schwarzenegger vetoes Simitian’s privacy protection bill
Governor Schwarzenegger vetoed State Senator Joe Simitian’s (D-Palo Alto) Senate Bill 20. The bill would have strengthened and updated California’s landmark privacy protection law that requires businesses and state agencies to notify residents when sensitive personal information is lost or stolen from their databases. “I’m surprised as well as disappointed by the Governor’s veto,“ said…
Lawmakers: lower bar for health IT data breach notification
Roy Mark reports: Two key chairmen of U.S. House committees Oct. 1 urged HHS (Health and Human Services) Secretary Kathleen Sebelius to revise or appeal the agency’s controversial “harm standard” that would trigger a personal health record data breach notification. Under the current rules, companies that secure health information using encryption or destruction, no breach…
Banks oppose computer crime law proposal
Computer criminals could wind up costing Danish banks billions if a law requiring them to compensate small businesses on an equal footing with private account holders is passed. The Commerce Ministry has asked the Financial Supervisory Authority to look into whether companies with less than 10 employees and annual turnover of less than 15 million…
Ohio Officials, Insurers Look to Protect Policyholder Data
Starting Nov. 2, 2009, Ohio regulators and all insurance companies that do business in the state will begin new procedures designed to protect policyholders’ personal information. Insurance companies will be required to report any loss of policyholder information within their possession to the Department of Insurance within 15 days of the discovery that the information…