EU-wide data breach notification requirements are “coming your way,” according to Field Fisher Waterhouse’s Olivier Proust. Proust describes frenzied lobbying in Brussels over the notification requirement in the European Commission’s proposed replacement of the Data Protection Directive. Meanwhile, Pinsent Masons’ Out-Law.com explains the labyrinthine contours of EU data protection enforcement.
The Australian Senate has failed to pass mandatory data breach notification reform laws, which were expected to go into effect by March of next year.
Privacy Tracker reports that while Texas already has a breach notification law on the books that applies to citizens of states without a notification law, it recently passed Senate Bill 1610, which increases the scope further. It also gives organizations the choice of reporting under Texas law or that of the state of the affected person, but Gant Redmon, writing for CO3Systems Blog, says “best practice will remain notifying under the law of the state where the affected party resides.” Meanwhile, Nevada has become the 11th state to pass a social media law prohibiting employers from asking for access information for employees’ or prospective employees’ social media accounts.
Privacy Commissioner Timothy Pilgrim has voiced support for mandatory breach legislation, CSO reports. Attorney-General Mark Dreyfus has announced the government will introduce legislation to take effect in March that will require companies to disclose data breaches.
A number of U.S. states have passed or are working on various types of privacy legislation—from employee privacy to breach notification. Most notably, California has pulled a bill that would have required businesses to disclose to consumers data they have collected on them. The Pennsylvania Senate has passed a law that would require state agencies to notify residents of a breach “as soon as possible.” And the Texas House has also “tentatively” approved similar social media legislation.