Legal

The other day, I wrote about the Data Accountability and Trust Act (DATA), which has been received well by consumer and privacy advocacy organizations. For example, “We’re pleased with the compromise ‘trigger’ language relating to when a business must notify individuals of a breach of their personal information,” said several privacy advocacy groups in a…

Read More Low-quality DATA

The Register has been on Ernst & Young’s case. The latest Exclusive! talks about a laptop stolen in early January, and how we now know it had info on BP employees, along with those from IBM and others. The article also observes that: It’s difficult to obtain an exact figure on how many people have…

Read More Laptop theft

In a somewhat incendiary piece published today at Securityfocus.com, Robert Lemos reports on loopholes in notification laws which permit firms to avoid informing people that their personal information has been revealed. According to the article, which along with unnamed “security experts” also cites industry notable Avivah Levitan, “[t]here are three cases in which a company…

Read More Breach notification escape mechanisms

New Jersey’s breach notification law went into effect in mid-December 2005. Like New York’s, it requires that a state entity be notified, in addition to the persons whose info was exposed: c. (1) Any business or public entity required under this section to disclose a breach of security of a customer’s personal information shall, in…

Read More New Jersey's breach law

Access and correction rights are something the DMA wants removed from the bill, Cerasale said. For one thing, it would be expensive for list brokers and compilers to set up procedures enabling consumers to access and correct data. For another, the same hackers who caused the breach could also change the data. Multichannelmerchant.com You can’t…

Read More Direct Marketing Association opposes consumer right to see, correct information