A little over a year ago, an amendment to Australia’s Privacy Act 1988 established mandatory data breach notification obligations. Called the Notifiable Data Breaches scheme (NDB), these new requirements meant that organizations subject to the Act would now be required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of a data breach […]
Read moreRadarFirst Blog
Kelly Burg, CIPP/US, Senior Product Manager
The Sooner the Better: Increasing Specificity in Notification Timelines
Today’s world is built for speed. Want a ride? Get an Uber or Lyft at your door in 10 minutes. Want your food faster? Use Grubhub and order ahead. Have a data breach requiring notification? Work quickly, because you may only have 72 hours to provide notification to individuals and regulatory authorities, depending on the […]
Read moreA Regulatory Trend to Watch: The Expanding Scope of Personal Information
In 2018, less than 10 percent of data privacy or security incidents were breaches requiring notification. Yet it wouldn’t be surprising if that percentage starts to increase. One of the key factors in breach determination is the nature of the personal information exposed. Last year, we saw a significant expansion in the definition of personal […]
Read moreBreach Notification Regulatory Trends from 2018
2018 was all about change, especially in the breach notification realm. The tightening of existing regulations and the addition of new ones have created a seismic shift toward greater complexity and stringency. Compliance has never been more critical—and never more difficult.
Read morePIPEDA’s New Mandatory Breach Notification and Recordkeeping Requirements: How Do They Compare with the GDPR and U.S. Regulations?
The landscape of global data breach laws has been marked by continuous change in recent years. One of the most significant this year was the coming into force of the EU General Data Protection Regulation (GDPR). Described by ICO Commissioner Elizabeth Denham as “the biggest change to data protection law in a generation,” the GDPR […]
Read moreRegulatory Watchlist: Recent Changes to State Data Breach Notification Regulations
A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.
Read moreRegulatory Watch List: Breach Notification Timelines in Proposed State Legislation
Working with privacy and compliance professionals, one of the challenges we often hear about is how difficult it can be to keep up with ever-changing breach notification regulations. Think of it this way: in the US alone there are 48 separate state breach notification laws (along with Washington, D.C. and three territories), each with their […]
Read moreMaryland Revises Personal Information Protection Act, Brings More Specificity to Breach Notification Requirements
This year has barely begun and already there’s something new in the world of state breach notification requirements. On Jan 1, 2018, revisions to the Maryland Personal Information Protection Act (HB 974) went into effect, adding more specificity to the state’s breach notification requirements.
Read moreWashington State Attorney General Files Lawsuit Against Uber – Will Other States Follow?
On November 21, 2017, Uber disclosed a data breach potentially affecting 57 million passengers and drivers around the world, including over 10,000 Washingtonians. One week later, on November 28, 2017, Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit.
Read moreArkansas Enacts State Insurance Department General Omnibus Bill (SB 247)
Surprising some with its quick journey from filing to enrollment then approval by the governor – less than 30 days – a new State Insurance Department General Omnibus Bill goes into effect in Arkansas on August 1, 2017.
Read more