Representative Bono-Mack on the Sony Hack: There’s a very interesting discussion on C-SPAN about the consumer’s right to know about breaches and how the individual is best positioned to decide how to react. “Representative Bono Mack Gives Details on Proposed Data Theft Bill.” I’m glad to see how the debate is maturing, and how no one bothered with some of the…
Data breach fines will prolong the rot: The UK’s Financial Services Authority has imposed a £2.28 million fine for losing a disk containing the information about 46,000 customers. (Who was fined is beside the point here.) I agree heartily with John Dunn’s “Data breach fines will not stop the rot,” but I’d like to go further: Data breach fines will prolong the…
Breach Laws & Norms in the UK & Ireland: Ireland has proposed a new Data Breach Code of Practice, and Brian Honan provides useful analysis: The proposed code strives to reach a balance whereby organisations that have taken appropriate measures to protect sensitive data, e.g. encryption etc., need not notify anybody about the breach, nor if the breach affects non-sensitive personal data or small…
Krebs on Cyber vs Physical Crooks: In addition, while traditional bank robbers are limited to the amount of money they can physically carry from the scene of the crime, cyber thieves have a seemingly limitless supply of accomplices to help them haul the loot, by hiring so-called money mules to carry the cash for them. I can’t help but notice one…
2 Proposed Breach Laws move forward: See George Hulme, “National Data Breach Law Steps Closer To Reality” and Dennis Fisher (http://threatpost.com/en_us/blogs/two-data-breach-notification-bills-advance-senate-110609). Dennis flags this awe-inspiring exception language: “rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.”…
Changing Expectations around Breach Notice: Earlier this month, the Department of Health and Human Services imposed a “risk of harm” standard on health care providers who lose control of your medical records. See, for example, “Health IT Data Breaches: No Harm, No Foul:” According to HHS’ harm standard, the question is whether access, use or disclosure of the data poses…
Proskauer Rose Crows "Rows of Fallen Foes!": Over on their blog, the law firm announces yet another class action suit over a breach letter has been dismissed. Unfortunately, that firm is doing a fine business in getting rid of such suits. I say it’s unfortunate for two reasons: first, the sued business has to lay out a lot of money (not as…
New Breach Laws: Missouri adds a law with a “risk of harm trigger,” aka the full-employment provision for lawyers and consultants. Texas adds health data to their notification list. Most importantly, North Carolina requires notice to their attorney general for breaches smaller than 1,000 people. I think Proskauer here is being a little inaccurate when they characterize this…