ICE has been charged with causing nine of its subsidiaries in total, the NYSE included, to fall afoul of breach reporting requirements as they were not provided the information by their parent company in a timely enough manner.
SEC's new rule for public companies to report data breaches within four days is a significant step towards transparency, cybersecurity preparedness, and standardizing reporting practices. Since news of the law broke, many security professionals have however expressed conflicting opinions.
New rules voted in by the SEC last week require all publicly traded companies to report any cybersecurity breaches that could cause a material impact within four days. Timer doesn't start until the company determines that the breach could be material.
The FCC launched a proceeding to strengthen data breach notification regulations for telecommunications companies to ensure faster reporting and to harmonize federal rules with states and other sectors.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
Since June 1, eight U.S. states have either amended or enacted tougher new data breach notification laws requiring notification anywhere between 30 to 60 days. While still a far cry from the 72 hours required under the European GDPR, tougher notification laws will no doubt be adopted around the world.
There will be grey areas in GDPR for a while to come and certainly in the early stages there will be test cases and adjustments to the Articles to clarify and ratify their use in real world practice.
[24]7 notified Sears, Best Buy, Delta, and other clients using their platform, about a data breach six months after the breach occurred. What should service providers and organizations that contract these third parties be doing better to protect their customers' privacy and personal data?
In this article, Mary Thel Mundin examines the recently implemented rules and regulations of the Data Privacy Act of the Philippines (RA 10173) and the implications for organisations that handle personal data both within the borders of the Philippines and those who handle personal data and have links to the Philippines.
This article is based on a presentation made by Steven Klimt, a partner in the Sydney office of Clayton Utz during the Data Privacy Asia 2016 conference held on 9-11 November 2016. It outlines the new mandatory data breach reporting legislation, how Australian privacy regulation impacts Big Data and the differences between Australian Privacy legislation and the proposed EU GDPR.










