US data breach notification law under scrutiny
Wed 28 Jan 2015, 18:20

In the US, lawmakers and witnesses at a Tuesday hearing argued about whether a national data breach notification law should preempt 47 existing state laws and whether breached companies should be required to notify customers even when they determine their breaches are unlikely to cause harm.

Disagreements over those two issues have been part of the reason why Congress hasn't passed a national data breach notification law over the past decade. But the time has come for Congress to pass a national law, members of the House of Representatives Energy and Commerce Committee's commerce subcommittee said.

Access comments on Obama’s new cybersecurity proposals
Tue 13 Jan 2015, 23:00

This week the White House announced plans to release a new legislative proposal aimed at providing notice to victims of corporate data breaches. The Personal Data Notification and Protection Act is expected to look similar to the Administration’s 2011 proposal, including a provision that would preempt stronger state laws. The president also promised draft legislation implementing the Consumer Privacy Bill of Rights, as well as separate draft legislation increasing protections for student data. While these proposals show that the White House is prioritizing data security, it is not yet clear that the Personal Data Notification and Protection Act will actually lead to improved security or provide adequate protection for users’ privacy.

FBI proposes 3 ways for Congress to fight cyber threats
Fri 12 Dec 2014, 18:20

FBI assistant director Joseph Demarest suggested three ways Congress could combat cyber threats: to update the Computer Fraud and Abuse Act, to require businesses to provide prompt notice to consumers in the wake of cyber attacks, and for government and the private sector to share insights into cyber threats.

Dutch Data Protection Authority publishes consultation version of guidelines on breach notice law
Thu 24 Sep 2015, 14:53

The Dutch Data Protection Authority (CBP) published a consultation document with draft guidelines on the breach notice obligation of data controllers in the Netherlands. Under the law, data controllers are required to provide notice of data breaches to the CBP and, under certain circumstances, to the affected individuals. This obligation will take effect on January 1, 2016.

New Netherlands notification requirements will change data controllers’ view of cybersecurity
Tue 7 Jun 2016, 13:43

Effective 1 January 2017, Dutch data protection law requires organizations to notify the Dutch Data Protection Authority within 72 hours of “a breach of security […] which results in a significant chance of severe detrimental effects or has severe detrimental effects for the protection of the private life”. The data subject must also be informed if “the breach probably will result in adverse effects on their private life”. These obligations only apply if the Dutch Data Protection Act applies, for instance in situations in which a Dutch entity is the data controller.