On December 10, Oregon Attorney General Ellen Rosenblum testified in front of the joint Oregon Senate and House Judiciary Committee on the evolving nature of not only data collection and use, but also on cybersecurity incidents and hacking, and the need to amend the Oregon data breach notification law to provide enforcement authority to the

Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive.

As the year is coming to an end, the industry is speculating the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined,

ENISA (the European Network and Information Security Agency) has issued a new report on data breach notifications . Having approached telecoms operators and data protection authorities (DPAs) on this topic, the report highlights data breach handling and key stakeholder concerns.

The revised e-Privacy Directive (2002/58/EC) brought in EU data breach notification requirements for the telecoms sector and the European Commission is considering the inclusion of the finance, healthcare and small business sectors. By requiring mandatory data breach notification to the national data protection authority, the Commission hopes to encourage organisations to increase the level of security afforded to personal data and to reassure citizens about the security of their personal data by telecom sector operators.Continue Reading New ENISA Report on data breach notifications issued