On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Since November 1st, 2018, the Canadian government has received 680 breach reports. That is six times the volume received during the same period one year

The Irish Data Protection Commission has issued guidance on data breach notification under GDPR.

Key takeaways:

A personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data, with the consequence that the controller is unable to ensure compliance with the principles for processing personal data as outlined

California has amended its data breach notification law to include biometric and other identifiers.

The bill (AB 1130), signed by Gov. Gavin Newsom on October 11, revises the definition of personal information for purposes of data breach notification requirements to add specified unique biometric data and tax identification numbers, passport numbers, military identification numbers, and

“Learning from recent breaches and the need for a greater understanding of privacy in the enterprise, it’s time for companies to take a new, proactive approach to data management. Making data privacy decisions in a silo is no longer enough. Organizations must now implement robust data privacy practices that also involve their board members on

Passports and biometric data would be included in the types of personal information covered by California’s data breach notification law, under a bill that passed the state Senate and is headed to Gov. Gavin Newsom.

A.B. 1130 by Assemblyman Marc Levine (D) would also add taxpayer and military identification numbers, and other unique government identification

The Irish Data Protection Commission and Polish Data Protection Authority have issued guidance on data breach notification under GDPR in which they address the following questions, and more:

  • When do you “become aware” of a data breach?
  • What should a data breach notification include?
  • How do you communicate a data breach notification?

The guidance offers

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

Don’t store users’ passwords in cleartext. Really.

It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data.

That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information

The September 2015 data breach at Experian exposed the personal information of nearly 15 million wireless carrier customers, and we are just now learning the cost.

A recent earnings report revealed the company has expended $20 million in its response to the breach, which exposed information including names, addresses, birthdates, social security numbers, driver’s license