The Home Depot Data Breach

© 2014 Colourbox

With up to 60 million customers affected, the recent security breach at North America’s largest hardware store, The Home Depot, once again proves that even some of the largest retailers have not implemented business processes that ensure the timely detection and communication, if not prevention, of such incidents. This post sheds light on the dire consequences of such breaches for consumers and on what lawmakers in the U.S. and the E.U. intend to do about them.

The top 8 issues all CIOs, CSOs and CPOs should know about notifying data breaches in Europe

As the EU is about to enact a General Data Protection Regulation that will introduce a general obligation to notify personal data breaches for all companies doing business in Europe or directing their business towards EU-based customers, we present the reader with 8 of the most important aspects of implementing this new obligation.

The State of the State: U.K. Government Data Breaches

Government data breaches are very much a local problem in the U.K., causing indignation in communities across the country. In its recently published Annual Report for 2012/13, the Information Commissioner’s Office (ICO) states that data leaks by local authorities are a priority area for the data protection body. The ICO receives both individual complaints and self-reported declarations of data breaches from public and private entities.

The State of the State: U.S. Government Data Breaches

"Head in Hands" by Alex E. Proimos. Shot on December 14, 2009 at Monnaie, Paris, France. Available at http://www.flickr.com/photos/proimos/4199675334/. Published under an Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0) license.

Government data breaches run the gamut, but recently we have been hearing about years-old security vulnerabilities that are discovered not by the government agencies themselves but by outsiders. The post also reviews the broad numbers on U.S. government data breaches over the past four years.

How and Wow: Verizon’s Tactical Survey of Global Data Breaches

Designer: Thomas Saur. Available at http://wall.alphacoders.com/big.php?i=10203.

What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.

Towards a New Personal Data Breach Notification Framework in the EU

The European Commission recently published a Proposal for a Regulation on personal data protection. If adopted, it would repeal the 1995 Data Protection Directive. The Proposal includes a new data security framework: both the data controller and the data processor would have to implement appropriate technical and organizational measures to ensure that data is secure; a personal data breach would have to be reported within 24 hours to the supervisory authority and also, without undue delay, to the data subject if the breach would adversely affect his personal data or privacy. We comment on some of the pending issues.

Implementation of Privacy by Design and Technical and Organizational Security Measures: The Data Masking Solution

The European Union is working on a revised set of rules for its data protection framework. The concept and principles of “privacy by design” have been incorporated in this draft. We assess how data masking can be considered an effective data security measure and whether it fulfills privacy by design principles. Data masking is not encryption: it is a technique that replaces real data with fictitious but realistic data in test environments.

Comments on the Brazilian Draft Bill on Personal Data Protection

"Chove no Recife" (Photo by "Nuage Bleu"; shot on Jan. 9, 2010). Available at http://www.flickr.com/photos/13075815@N03/4258751419/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

Brazil, unlike many of its peers on the world stage, still lacks adequate protection for personal data. Even taking into account the protections of intimacy and privacy established by the Federal Constitution and the Civil Code, and the safeguarding of consumer data imposed by the Consumer Defense Code, …

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

"Grillage gelé" (Photo by "Photophilius"; shot on Dec. 13, 2008). Available at http://www.flickr.com/photos/30254220@N04/3116313871/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Network and Information Security Agency has recently published a report on data breach notifications in the European Union. ENISA surveyed data protection authorities, telecommunications regulatory authorities and telecom operators from different countries in the EU, as well as from non-EU countries such as the United States.
Drawing on the various stakeholders’ responses, the report helps the reader understand the practices and challenges of the forthcoming mandatory data breach notification regime, and aims to assist public authorities and private organizations in the EU as they implement data breach notification policies by providing a set of recommendations.
(Summary also available in French)

Canada May Soon Have a Data Breach Law

Canadian Industry Minister Tony Clement introduced a bill on May 25, the Safeguarding Canadians’ Personal Information Act (C-29), which would amend Canada’s national privacy legislation, the Personal Information Protection and Electronic Documents Act of 1998 (“PIPEDA”). C-29 would introduce a security breach disclosure (also called “notification” in the United States) requirement in PIPEDA. Canada does not yet have such a law, unlike the United States, where the majority of states have enacted data breach notification statutes.

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.