Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (2da parte)

"Herring-Hall-Marvin Safe Co." (Caja fuerte, Museo de Minería de Nacozari, Estado de Sonora, México) (Photo courtesy of Ricardo Alonso (c) 2010. All rights reserved.) Available at http://www.flickr.com/photos/ricardo_alonso/4818845451.

Las empresas mexicanas no sólo tienen que cumplir con una ley de protección de datos en vigor desde enero del 2012 que les impone nuevas obligaciones y mejores medidas de seguridad. También tienen que estar listas para notificar a los titulares cuando sufran una vulneración a sus datos personales. Con amenazas como el espionaje industrial, ciber-criminales, empleados negligentes y rumores de ciber-guerra, no existe ninguna organización inmune a las fugas de datos. Esta entrada explica como estar preparado y como interpretar la reciente ley. (2da parte)

Rate this:

Advertisements

Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (1ra parte)

"Data Dump" by Seth Anderson (2008). Available at http://www.wylio.com/credits/Flickr/2704017177. Published under a CC BY-SA 2.0 license.

Las empresas mexicanas no sólo tienen que cumplir con una ley de protección de datos en vigor desde enero del 2012 que les impone nuevas obligaciones y mejores medidas de seguridad. También tienen que estar listas para notificar a los titulares cuando sufran una vulneración a sus datos personales. Con amenazas como el espionaje industrial, ciber-criminales, empleados negligentes y rumores de ciber-guerra, no existe ninguna organización inmune a las fugas de datos. Esta entrada explica como estar preparado y como interpretar la reciente ley. (1ra parte)

Rate this:

Towards a New Personal Data Breach Notification Framework in the EU

The European Commission published recently a Proposal for a Regulation on personal data protection. If adopted, it would repeal the 1995 Data Protection Directive. The Proposal includes a new data security framework: both the data controller and the data processor would have to implement appropriate technical and organizational measures in order to ensure that data is secure; a personal data breach would have to be reported within 24 hours to the supervisory authority, and also, without undue delay, to the data subject if the breach would adversely affect his personal data or privacy. We comment some of the pending issues.

Rate this:

Implementation of Privacy by Design and Technical and Organizational Security Measures: The Data Masking Solution

The European Union is working on a revised set of rules for its data protection framework. The concept and principles of “privacy by design” has been incorporated in this draft. We will assess how data masking can be considered an effective data security measure and whether data masking fulfills privacy by design principles. Data masking is not encryption. It is a technique that provides for the replacement of real data with fictitious but realistic data in test environments.

Rate this:

“Is Your Company under Threat? New Digital Risks & Computer Attacks: Forensic & Data Protection Aspects” (Conference in Medellin, Colombia, Nov. 16, 2011)

Conference: "Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects - International Perspectives and the New Colombian Legislation" (EAFIT, Medellin, Colombia - 16 Nov. 2011)

“Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects – International Perspectives and the New Colombian Legislation.” A conference (in Spanish) about the recent Colombian data protection law, on Nov. 16, 2011 at the Universidad EAFIT in Medellin, Colombia.

Rate this:

New Brazilian Data Protection Bill Adopts Data Breach Notification Regime

"Metrô-Linha Vermelha" (Photo by "mlsirac"; shot on Sept. 11, 2010 in Sao Paulo, Brazil). Available at http://www.flickr.com/photos/mlsirac/4988830112/ (Creative Commons "Attribution-NonCommercial-NoDerivs 2.0 Generic (CC BY-NC-ND 2.0)" license.)

The new Brazilian Data Protection bill currently in discussion provides a whole new approach to data protection for the country. It also follows the current trend of several countries, the European Union included, by adopting a data breach notification regime. The text would make companies liable without the need to prove omission or negligence. Currently they are only liable to the extent of damages resulting from the misuse of information leaked or stolen due to a data security breach.

Rate this:

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

"Grillage gelé" (Photo by "Photophilius"; shot on Dec. 13, 2008). Available at http://www.flickr.com/photos/30254220@N04/3116313871/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Network and Information Security Agency has recently published a report on data breach notifications in the European Union. ENISA surveyed data protection authorities, telecommunications regulatory authorities and telecom operators from different countries in the EU, but also from other non-EU countries such as the United States.
Using the various stakeholders’ responses, the report helps understand the practices and challenges of the future mandatory data breach notification regime, and aims to assist public authorities and private organizations in the EU as they implement data breach notification policies by providing a set of recommendations.
(Résumé aussi disponible en français)

Rate this:

European Data Protection Supervisor Supports General Obligation to Report Security Breaches

"Sunlight" (Photo by Luc De Leeuw; shot on Feb. 3, 2008). Available at http://www.flickr.com/photos/9619972@N08/2422737815/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Data Protection Supervisor has recently issued an opinion on the review of the EU legal framework for data protection (Directive 95/46/EC). It expresses concerns regarding the increasing difficulties for individuals to protect the privacy of their personal data, and calls for strengthening individuals’ rights over them. This can be done, the EDPS argues, by making security breach notifications mandatory for all relevant sectors, increasing transparency of processing for data subjects, and introducing new rights, such as the “right to be forgotten” and the “right to data portability”.

Rate this:

Governo brasileiro inicia consulta pública sobre anteprojeto de lei sobre privacidade e proteção de dados pessoais

O Governo Brasileiro recentemente iniciou o processo de consulta pública sobre o Anteprojeto de Lei de Proteção de Dados Pessoais. Na trilha de países como México e Uruguai, a proposta aborda temas como segurança da informação e a obrigatoriedade dos responsáveis por tratamentos de dados de notificarem a ocorrência de falhas de segurança. Ao mesmo tempo, Phorm, empresa que foi expurgada do Reino Unido há dois anos pelo uso da tecnologia “deep packet inspection” sem o consentimento dos utilizadores da Internet e por isso atualmente é objeto de uma investigação criminal no continente europeu que já perdura dois anos, está testando seus serviços de rastreamento nos dois maiores provedores de Internet do Brasil. Iremos discutir o motivo pelo qual já é tempo da maior economia da América Latina de promover um debate público sobre privacidade e promulgar seus próprios regulamentos sobre proteção de dados e notificações de falhas de segurança.
(Abstract also available in English.)

Rate this:

La CNIL publie son premier guide sur la sécurité des données

"La sécurité" - Photo by Boris Drenec (2008). Shot on March 3, 2008. Available at http://www.flickr.com/photos/_boris/2360263645/in/pool-632629@N22/ (Creative Common "Attribution-NonCommercial-ShareAlike 2.0 Generic" license.)

La CNIL vient de publier son premier guide pratique sur la sécurité des données. Cette publication s’inscrit dans un mouvement plus général en Europe qui tend à renforcer le niveau de sécurité des données personnelles en prévoyant l’obligation de notifier les violations de sécurité. Dans ce cadre, la CNIL invite à un audit des systèmes d’information, à une évaluation des risques, et explique en 17 fiches pratiques les éléments essentiels et solutions techniques pour garantir la sécurité des données. Les entreprises procédant à des traitements de données à caractère personnel pourront utiliser ce guide afin de se conformer à l’obligation de sécurité prévue par la Directive “Données personnelles” et par la loi Informatique et Libertés. Ce guide sera d’une grande utilité pour les responsables de traitements, directeurs de systèmes d’information et CIL qui souhaitent améliorer la sécurité des traitements de données dans leurs entreprises.

Rate this:

  • Blog authors

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.

  • Enter your e-mail address here to follow this blog and receive notifications of new posts by e-mail.

  • The “Global Information Security Breach Professionals” Group on Linkedin

  • Wordpress Blog Stats

    • 43,064 hits