Archive for the “breach laws” category

The Breach Response Market Is Broken (and what could be done)

by adam on October 12, 2016

Much of what Andrew and I wrote about in the New School has come to pass. Disclosing breaches is no longer as scary, nor as shocking, as it was. But one thing we expected to happen was the emergence of (…)

Paying for Privacy: Enterprise Breach Edition

by adam on March 15, 2013

We all know how companies don’t want to be named after a breach. Here’s a random question: how much is that worth to a CEO? What would a given organization be willing to pay to keep its name out of (…)

HIPAA’s New Breach Rules

by adam on February 21, 2013

Law firm Proskauer has published a client alert that “HHS Issues HIPAA/HITECH Omnibus Final Rule Ushering in Significant Changes to Existing Regulations.” Most interesting to me was the breach notice section: Section 13402 of the HITECH Act requires covered entities (…)

Breach Analysis: Data Source biases

by adam on January 30, 2013

Bob Rudis has a fascinating and important post “Once More Into The [PRC Aggregated] Breaches.” In it, he delves into the various data sources that the Privacy Rights Clearinghouse is tracking. In doing so, he makes a strong case that (…)

Breach Notification in France

by adam on June 22, 2012

Over at the Proskauer blog, Cecile Martin writes “Is data breach notification compulsory under French law?” On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification (…)

Why Breach Disclosures are Expensive

by adam on February 7, 2012

Mr. Tripathi went to work assembling a crisis team of lawyers and customers and a chief security officer. They hired a private investigator to scour local pawnshops and Craigslist for the stolen laptop. The biggest headache, he says, was deciphering (…)

Big Brother Watch report on breaches

by adam on November 30, 2011

Over at the Office of Inadequate Security, Dissent says everything you need to know about a new report from the UK’s Big Brother Watch: Extrapolating from what we have seen in this country, what the ICO learns about is clearly (…)

Representative Bono-Mack on the Sony Hack

by adam on May 11, 2011

There’s a very interesting discussion on C-SPAN about the consumer’s right to know about breaches and how the individual is best positioned to decide how to react. “Representative Bono Mack Gives Details on Proposed Data Theft Bill.” I’m glad to (…)

Data breach fines will prolong the rot

by adam on September 8, 2010

The UK’s Financial Services Authority has imposed a £2.28 million fine for losing a disk containing the information of 46,000 customers. (Who was fined is beside the point here.) I agree heartily with John Dunn’s “Data breach fines will not (…)

Breach Laws & Norms in the UK & Ireland

by adam on June 14, 2010

Ireland has proposed a new Data Breach Code of Practice, and Brian Honan provides useful analysis: The proposed code strives to reach a balance whereby organisations that have taken appropriate measures to protect sensitive data, e.g. encryption etc., need not (…)