Collaborate Disseminate
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The … Continue reading Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Maggie Miller reports: Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breach… Continue reading Industry lobbies Congress to extend notification timeline after cybersecurity incidents
Vishal Raghavan has an opinion piece in The Leaflet about the failure of Indian firms to notify customers of breaches or to be held accountable and fined monetarily by regulators. He begins by reviewing a number of high-profile breaches reported in the… Continue reading Indian companies go scot-free despite breach of customer data
Coco Feng reports: The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019… Continue reading Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
Aultman Health Foundation Notifying Patients of Insider-Wrongdoing The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need. HOYA Optical Labs of America Notifying Patients of Ra… Continue reading Bits ‘n Pieces
admin posted: Anti-money laundering specialist SmartSearch said regulated businesses in the housing chain which are relying on manual customer records risk non-compliance more than three years after the GDPR laws came into force in the UK. John Dobson,… Continue reading SmartSearch issues warning over risk of GDPR breach
Deborah George of Robinon + Cole writes: Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Da… Continue reading Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law
An announcement from the Personal Data Protection Commission of Singapore: The PDPC has updated Guide to Managing Data Breaches 2.0 (now known as the Guide on Managing and Notifying Data Breaches under the PDPA) with details of the mandatory data breac… Continue reading SG: Revised Guides on Managing Data Breach and Active Enforcement Now Available
Hunton Andrews Kurth writes: On March 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on examples regarding da… Continue reading CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification
Ranjan Agarwal, Keely Cameron, J. Sébastien A. Gittens, and Justin Lambert of Bennett Jones write: Court of Queen’s Bench of Alberta, in Setoguchi v Uber B.V., 2021 ABQB 18, recently dismissed an application for certification of a proposed class … Continue reading Et tu, Canada? Evidence of Harm Required To Advance Class Action Following Data Breach