California Office of Privacy Protection | Information Security Breaches & The Law

Categories
Categories
Pages
Andreas Leupold Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Héctor Guzmán Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United Kingdom United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
December 2019

M T W T F S S

« Sep

1

2 3 4 5 6 7 8

9 10 11 12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30 31
Blogroll (recommended reference websites)

December 2019
M	T	W	T	F	S	S
« Sep
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Will France adopt a law requiring the notification of security breaches?

Posted by "Security Breaches" Administrator on August 6, 2010 · 3 Comments

A French bill “to better guarantee the right to privacy in the digital age” has implemented the European Directive 2009/136/EC by requiring the data controller to inform the “Data Protection Correspondent” (a person within an organization who could be the controller or someone assisting the controller), or in the absence thereof, the French data protection authority (the Commission Nationale de l’Informatique et des Libertés), of a breach of integrity or confidentiality. Those involved in the breach must also be informed, at least if security breaches are “likely to adversely affect” their personal data. The bill follows the recommendation of the Directive to notify individuals of security breaches for all sectors, not just electronic communications. It was adopted by the French Senate on March 24, 2010 and is currently before the National Assembly.
(A French version of this article is also available in this blog.)

Rate this:

Filed under Cédric Laurant, Comments, Countries, English, EU Law, Europe, European Union, France, Marie-Andrée Weiss · Tagged with Act No. 78-17 of January 6 1978, Act on Data Processing Data Files and Individual Liberties, California, California Office of Privacy Protection, California Security Breach Notification Act, CNIL deliberation No. 81-94 of July 21 1981, Commission nationale de l’informatique et des libertés, contract, contractual clauses, data breach, data confidentiality, data controller, data protection correspondent, data security, data security breaches, EU Directive 2002/58/EC, EU Directive 2009/136/EC, French Data Protection Act, French Data Protection Authority, French National Assembly, French Senate, general IT security measures, personal data, security breach, security breach notification, technological protection measures, unauthorized access, United States

La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ?

Posted by "Security Breaches" Administrator on August 3, 2010 · 2 Comments

La proposition de loi française “visant à mieux garantir le droit à la vie privée à l’heure du numérique” transpose la Directive 2009/136/CE en obligeant les responsables de traitements de données à caractère personnel d’informer le correspondant “informatique et libertés” ou, en son absence, l’autorité de protection de la vie privée (la CNIL), d’une violation de l’intégrité ou de la confidentialité de ces traitements, ainsi que les personnes concernées par cette violation, du moins si les failles de sécurité sont “de nature à affecter négativement” leurs données à caractère personnel. Elle suit également la recommandation de la directive européenne de notifier aux particuliers les violations de sécurité pour tous les secteurs, pas seulement celui des communications électroniques. Elle a été adoptée par le Sénat français depuis le 24 mars 2010 et est actuellement devant l’Assemblée nationale.
(An English version of this article is also available in this blog.)

Rate this:

Filed under Cédric Laurant, Comments, Countries, EU Law, Europe, European Union, Français, France, Law, Marie-Andrée Weiss · Tagged with accès non autorisé, Assemblée nationale française, California Office of Privacy Protection, California Security Breach Notification Act, Californie, CNIL, Commission nationale de l’informatique et des libertés, confidentialité des données, correspondant "informatique et libertés", délibération de la CNIL, délibération de la CNIL n°81-94 du 21 juillet 1981, Directive européenne 2002/58/CE, Directive européenne 2009/136/CE, données à caractère personnel, droit à la vie privée, France, loi "Informatique et libertés", loi no. 78-17 du 6 janvier 1978, mesures générales de sécurité des systèmes informatiques, proposition de loi, responsable du traitement, sécurité des données, Sénat français, violations de sécurité

Read this website in your language!

--> Click here to translate
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
adequate level of data protection América Móvil anonymization Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil) Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules brechas de seguridad Bundesdatenschutzgesetz California Office of Privacy Protection California Security Breach Notification Act Californie CIL cloud computing CNIL Code des postes et des communications électroniques Commission nationale de l’informatique et des libertés confidentiality confidentialité des données contractual clauses correspondant "informatique et libertés" cybersecurity Código de Defesa do Consumidor (Brasil) dados pessoais damage to reputation data breach data breaches data breach notification data controller data loss data protection Data Protection Authority data protection by default data protection law data protection officer data security data security breaches data subject datos personales Directive 95/46/CE Directive 2009/136/CE Directive 2009/140/CE données à caractère personnel Düsseldorfer Kreis encryption ENISA Estados Unidos EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Network and Information Security Agency European Union external audit externalisation failles de sécurité falhas de segurança fallas de seguridad Farmacias San Pablo fuga de datos fuga de información German Federal Data Protection Act Germany Google hackeo hacking IaaS IFAI Information Commissioner’s Office information security Informatique en Nuage Instituto Federal de Acceso a la Información y Protección de Datos integrity intimidade IT security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) LFPDPPP LinkedIn loi "Informatique et libertés" loi no. 78-17 du 6 janvier 1978 medidas de seguridad México notificación de brechas de seguridad notificación de vulneraciones de seguridad notification des violations de securité obligations en matière de sécurité PaaS personal data plan de continuidad de negocio Privacidade privacy privacy by design Proteção de Dados Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) responsable du traitement responsables de traitement de données RLFPDPPP SaaS Safe Harbor Framework Safe Harbor self-certification security breach security breaches security breach notification self-regulation sensitive information sensitive personal information sécurité des données technical and organizational measures technological protection measures Telcel TV Azteca Union européenne United Kingdom United States US Federal Trade Commission vie privée violaciones de seguridad violations de sécurité vulnerability vulneración de datos personales vulneración de seguridad
Blog Tweets (last 5)
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #hipaa #sentara - Tweeted 6 days ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #ransomware #databreach - Tweeted 1 week ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #brazilgp #f1 - Tweeted 2 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #privacy #phishing - Tweeted 3 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hiv #google - Tweeted 1 month ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Information Security Breaches & The Law

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

Will France adopt a law requiring the notification of security breaches?

Rate this:

La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ?

Rate this:

Read this website in your language!

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Blog Tweets (last 5)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats