Since June 1, eight U.S. states have either amended or enacted tougher new data breach notification laws requiring notification anywhere from 30 to 60 days. While still a far cry from the 72 hours required under the European GDPR, tougher notification laws will no doubt be adopted around the world.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
In this article, Mary Thel Mundin examines the recently implemented rules and regulations of the Data Privacy Act of the Philippines (RA 10173) and the implications for organisations that handle personal data within the borders of the Philippines and for those that handle personal data and have links to the Philippines.
In part one of a two-part series, we examine some of the challenges that companies face in terms of the evolving privacy and data protection landscape. Data protection and privacy issues are now bedrock strategic issues for companies across the world, and Information Security professionals are now under even more pressure to ensure that data remains secure. The value of data as an intangible asset continues to grow, and legislation and regulation are becoming ever more stringent. The onus is on companies to comply or suffer the consequences. This is going to require a whole new breed of information security professional. In part two of this series (in next month’s newsletter) we’ll look at the argument for and against a new role combining Chief Security and Privacy Officer in this rapidly evolving regulatory environment.
This article is based on a presentation made by Steven Klimt, a partner in the Sydney office of Clayton Utz, during the Data Privacy Asia 2016 conference held on 9-11 November 2016. It outlines the new mandatory data breach reporting legislation, how Australian privacy regulation impacts Big Data and the differences between Australian Privacy legislation and the proposed EU GDPR.
7 notified Sears, Best Buy, Delta, and other clients using their platform about a data breach six months after the breach occurred. What should service providers and organizations that contract these third parties be doing better to protect their customers' privacy and personal data?