data protection officer | Information Security Breaches & The Law

Categories
Categories
Pages
Andreas Leupold Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Héctor Guzmán Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United Kingdom United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
January 2020

M T W T F S S

« Sep

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31
Blogroll (recommended reference websites)

January 2020
M	T	W	T	F	S	S
« Sep
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

The top 8 issues all CIO’s, CSO’s and CPO’s should know about how to notify data breaches in Europe

Posted by "Security Breaches" Administrator on July 2, 2014 · 1 Comment

As the EU is about to enact a General Data Protection Regulation that will introduce a general obligation to notify personal data breaches for all companies doing business in Europe or directing it towards EU-based customers, we provide the reader with 8 of the most important aspects related to the implementation of this new obligation.

Rate this:

Filed under Andreas Leupold, Comments, English, EU Law, Europe, European Union, Outlines · Tagged with adverse effect, breach notification process, Chief Information Officer, Chief Privacy Officer, Chief Security Officer, CIO, CPO, CSO, data breaches, data controllers, data processors, data protection authorities, data protection officer, data security breaches, EU Directive 2002/58/EC, EU Directive 2009/136/EC, European Data Protection Board, GDPR, General Data Protection Regulation, incident discovery and reporting system, intelligence agencies, national supervisory authorities, obligation to report, personal data breach, technological protection measures, without undue delay

New Brazilian Data Protection Bill Adopts Data Breach Notification Regime

Posted by "Security Breaches" Administrator on May 9, 2011 · Leave a Comment

"Metrô-Linha Vermelha" (Photo by "mlsirac"; shot on Sept. 11, 2010 in Sao Paulo, Brazil). Available at http://www.flickr.com/photos/mlsirac/4988830112/ (Creative Commons "Attribution-NonCommercial-NoDerivs 2.0 Generic (CC BY-NC-ND 2.0)" license.)

The new Brazilian Data Protection bill currently in discussion provides a whole new approach to data protection for the country. It also follows the current trend of several countries, the European Union included, by adopting a data breach notification regime. The text would make companies liable without the need to prove omission or negligence. Currently they are only liable to the extent of damages resulting from the misuse of information leaked or stolen due to a data security breach.

Rate this:

Filed under Brazil, Cédric Laurant, Comments, English, Latin America, Law, Renato Leite Monteiro, South America, South American Law · Tagged with adequate protection, anonymization, Argentina, Consumer Protection Code (Brazil), data breach notification, data protection, Data Protection Authority, Data Protection Bill (Brazil), data protection officer, data security breaches, Directive 95/46/EC, European Union, Marco Civil (Brazil), México, National Counsel on Protection of Personal Data (Brazil), negligence, omission, personal data, PIPEDA (Canada), preventive security measures, privacy, sensitive data, Uruguay

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

Posted by "Security Breaches" Administrator on February 23, 2011 · 3 Comments

"Grillage gelé" (Photo by "Photophilius"; shot on Dec. 13, 2008). Available at http://www.flickr.com/photos/30254220@N04/3116313871/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Network and Information Security Agency has recently published a report on data breach notifications in the European Union. ENISA surveyed data protection authorities, telecommunications regulatory authorities and telecom operators from different countries in the EU, but also from other non-EU countries such as the United States.
Using the various stakeholders’ responses, the report helps understand the practices and challenges of the future mandatory data breach notification regime, and aims to assist public authorities and private organizations in the EU as they implement data breach notification policies by providing a set of recommendations.
(Résumé aussi disponible en français)

Rate this:

Filed under Cédric Laurant, English, Europe, European Union, Farid Bouguettaya, Non-EU, Outlines, Reports & Surveys · Tagged with "Telecom Package", Article 29 Data Protection Working Party, best practices, black lists, breach mitigation measures, data breach, data breach inventory, data breach notification, data breach notification policy, data breach notification procedures, data breaches, data ombudsman, data protection, data protection officer, data security, data security breaches, deterrence measures, ENISA, EU Directive 2002/58/EC, EU Directive 2009/136/EC, EU Directive 95/46/EC, EU e-Privacy Directive, EU Regulation 460/2004/EC, European Commission, European data protection authorities, European Data Protection Supervisor, European Network and Information Security Agency, financial sector, fines, Germany, guidelines, healthcare sector, Information Commissioner Office (UK), information security, information security policy, Internet service providers, media exposure, monetary penalties, negative publicity, Norway, personal data, publicly available electronic communications services, regulatory authorities, Royal Decree (No. 1720/2007) (Spain), security document, Spain, technical implementing measures, telecommunications operators, telecommunications sector, Turkey, undue delay, United Kingdom, United States

Read this website in your language!

--> Click here to translate
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
adequate level of data protection América Móvil anonymization Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil) Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules brechas de seguridad Bundesdatenschutzgesetz California Office of Privacy Protection California Security Breach Notification Act Californie CIL cloud computing CNIL Code des postes et des communications électroniques Commission nationale de l’informatique et des libertés confidentiality confidentialité des données contractual clauses correspondant "informatique et libertés" cybersecurity Código de Defesa do Consumidor (Brasil) dados pessoais damage to reputation data breach data breaches data breach notification data controller data loss data protection Data Protection Authority data protection by default data protection law data protection officer data security data security breaches data subject datos personales Directive 95/46/CE Directive 2009/136/CE Directive 2009/140/CE données à caractère personnel Düsseldorfer Kreis encryption ENISA Estados Unidos EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Network and Information Security Agency European Union external audit externalisation failles de sécurité falhas de segurança fallas de seguridad Farmacias San Pablo fuga de datos fuga de información German Federal Data Protection Act Germany Google hackeo hacking IaaS IFAI Information Commissioner’s Office information security Informatique en Nuage Instituto Federal de Acceso a la Información y Protección de Datos integrity intimidade IT security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) LFPDPPP LinkedIn loi "Informatique et libertés" loi no. 78-17 du 6 janvier 1978 medidas de seguridad México notificación de brechas de seguridad notificación de vulneraciones de seguridad notification des violations de securité obligations en matière de sécurité PaaS personal data plan de continuidad de negocio Privacidade privacy privacy by design Proteção de Dados Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) responsable du traitement responsables de traitement de données RLFPDPPP SaaS Safe Harbor Framework Safe Harbor self-certification security breach security breaches security breach notification self-regulation sensitive information sensitive personal information sécurité des données technical and organizational measures technological protection measures Telcel TV Azteca Union européenne United Kingdom United States US Federal Trade Commission vie privée violaciones de seguridad violations de sécurité vulnerability vulneración de datos personales vulneración de seguridad
Blog Tweets (last 5)
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #biometric #privacy - Tweeted 4 days ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa #privacy - Tweeted 1 week ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa - Tweeted 2 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight - Tweeted 3 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #privacy #ransomware - Tweeted 1 month ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Information Security Breaches & The Law

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

New Brazilian Data Protection Bill Adopts Data Breach Notification Regime

Rate this:

ENISA Surveys Stakeholders of Upcoming EU Data Breach Notification Regime

Rate this:

Read this website in your language!

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Blog Tweets (last 5)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats