Tag Archives: Breach Notification

Article 29 Working Party publishes guidelines on personal data breach notification

On 3 October 2017, the Article 29 Working Party (“WP29”) published draft guidelines on personal data breach notification (“Guidelines”) under the General Data Protection Regulation 2016/279 (“GDPR”). In this blog, we look at some of the key concepts that are considered in the Guidelines regarding the mandatory breach notification and communication requirements of the GDPR. … Continue Reading

Delaware Amends Data Breach Notification Law to Require Reasonable Data Security and Expand the Scope of Personal Information Requiring Notice

On August 17, 2017, Delaware Governor John Carney signed into law House Substitute 1 for House Bill 180, making the first significant amendment to Delaware’s data breach notification law since 2005. The bill, scheduled to go into effect April 14, 2018, requires private organizations to maintain reasonable security policies and procedures; expands the definition of … Continue Reading

OMB Federal Agency Data Breach Guidelines – Considerations for Industry

Earlier in February, the Executive Office of Management and Budget (“OMB”) issued Memorandum M-17-12 to federal agencies to set out guidelines and procedures for preparing for or responding to a breach involving the release of personally identifiable information (“PII”). The OMB’s suggested framework specifically aims to “[assess] and mitigate the risk of harm to individuals … Continue Reading

FTC’s New Guidelines Provide Agency View on Data Breach Response

On October 25, the Federal Trade Commission released “Data Breach Response: A Guide for Business,” its latest guidance on data privacy and security regulation. The Guide seeks to help businesses comprehend the Agency’s understanding of both legal requirements and best practices, although what is legally required versus what is encouraged continues to be challenging for … Continue Reading

Georgia Attorney General Supports Federal Data Breach Standard

Georgia Attorney General Sam Olens has come out in support of federal data breach preemption as a more realistic way to ask companies to comply with regulatory requirements in the wake of a breach or data loss incident. His statement comes on the heels of California Attorney General Kamala Harris’ report that the burden on … Continue Reading

California AG Proposes State Consensus on Breach Laws

Businesses scrambling to comply with the dozens of varying state laws governing data privacy and security breaches may have a new ally in California Attorney General Kamala Harris, but they shouldn’t expect her to relax any standards. In her introduction to the 2016 California Data Breach Report, Harris addressed the concerns of many who have … Continue Reading

Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading

Data Security and Breach Notification Act of 2015 Advances Despite Strong Criticism

On April 17, advocates in support of a federal data security and breach notification law achieved a victory when the House Energy and Commerce Committee passed a bill supporting national legislation. The proposed Data Security and Notification Act of 2015 (the “Act”) seeks to codify uniform regulations governing consumer personal information throughout the United States. … Continue Reading

Washington Amends its State Data Breach Notification Law

On April 13, the Washington State Senate unanimously passed an amendment to the state’s data breach notification law. The amendment, which was requested by Washington Attorney General Bob Ferguson, and which we discussed in this previous post, passed the state house of representatives in March and is now awaiting the governor’s signature. The law will … Continue Reading

Update on State Attorneys General: Connecticut Creates a Permanent Privacy Department; NAAG Covers Big Data, Cybersecurity, and Cloud Computing; and States Amend Breach Laws

The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those issues. … Continue Reading

Oregon Breach Notification Law Changes on the Horizon

On December 10, Oregon Attorney General Ellen Rosenblum testified in front of the joint Oregon Senate and House Judiciary Committee on the evolving nature of not only data collection and use, but also on cybersecurity incidents and hacking, and the need to amend the Oregon data breach notification law to provide enforcement authority to the … Continue Reading

UK ICO criticises elements of the proposed EU cybersecurity Directive

Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive. … Continue Reading

Awaiting the Release of the HITECH Final Rule

As the year is coming to an end, the industry is speculating about the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined, … Continue Reading

New ENISA Report on data breach notifications issued

ENISA (the European Network and Information Security Agency) has issued a new report on data breach notifications. Having approached telecoms operators and data protection authorities (DPAs) on this topic, the report highlights data breach handling and key stakeholder concerns. The revised e-Privacy Directive (2002/58/EC) brought in EU data breach notification requirements for the telecoms … Continue Reading