On 13 February 2017, the Australian Senate passed into law the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This law amends the primary privacy and data protection legislation in Australia, Privacy Act 1988 (Cth), to introduce the long-anticipated mandatory data breach notification scheme. Under this scheme, all agencies and businesses that are regulated by the Privacy Act are required … Continue Reading
At the Plenary Session held today (July 6th, 2016) in Strasbourg, the European Parliament adopted the position agreed with the Council on a Directive on common rules of security of network and information systems across the EU on its second reading. The main elements of the Directive are:… Continue Reading
On 9 October 2015, the Privacy Commissioner for Personal Data published a Guidance Note on “Data Breach Handling and the Giving of Breach Notifications“, a revised version of its June 2010 edition.
The Guidance Note gives guidance to data users (the concept of ‘data user’ is similar to the concept of ‘data controller’ under EU law) on how … Continue Reading
On 26 May, the Netherlands First Chamber passed a bill requiring companies to notify the Dutch Data Protection Authority (DPA) and affected individuals of certain breaches of personal data. As we reported earlier this year, when the bill becomes law, it will be mandatory for all types of data controllers to provide these breach notifications. Failure to notify will … Continue Reading
The following piece, written by the Hogan Lovells privacy team, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on March 31. The post, Data Security and Breach Notification Legislation Gaining Traction in Congress, is reprinted in its entirety below with permission from the IAPP.
For more than a year now, we have been hearing … Continue Reading
Recently, new rules on cookies (all links in Dutch) came into force in the Netherlands. In addition, the Dutch Second Chamber approved a draft bill to introduce a mandatory data breach notification requirement and to strengthen the Dutch Data Protection Authority’s investigative and fining powers. The new rules apply to all companies acting as a “data controller” within the meaning … Continue Reading