The use of increasingly advanced technology means that the ways in which data breaches occur are becoming more difficult to prevent and track. Influenced by the US model, a growing number of EU and European Economic Area (EEA) countries are developing rules on data breach notification. In Europe, “data breach” generally refers to instances where personal data has been subject to unauthorised access, collection, use or disclosure. Data breaches may be caused by inadvertent or deliberate actions that result in data being stolen, lost or disclosed, such as theft of storage devices, infiltration (hacking) of computer systems or inadequate data security practices. Notification of a data breach serves different purposes. The main purpose of notifying public authorities is to enable them to exercise their regulatory oversight functions, such as identifying security problems and taking action to address them. Notifying individuals aims to enable them to mitigate the risk of harm caused by the breach. In addition, notification can serve to motivate organisations to implement more effective security measures to protect personal data.
In Europe, approaches to data breach notification vary. There are countries with statutory law and guidance on breach notification requirements across sectors. In other countries, neither specific rules nor guidance exist.