InfoLaws

New data protection laws intended to ease concerns over offshoring to India merely add complexity for outsourcers

Those happy days are now gone. India has issued a new data protection law which will trap unwary offshore outsourcing projects. And two other key offshore outsourcing destinations — China and the Philippines — are both progressing their own sets of laws on data privacy.

Hawaii lawmakers are likely to take up proposed legislation that would punish state agencies responsible for data breaches that can result in identity theft.

"Right now the problem is that victims are the ones who bear all the brunt in recovering from identity theft," said state Sen. Mike Gabbard (D, Kalaeloa-Makakilo). "It's like having someone break into your house and then holding you responsible for crimes committed while the thief was wearing your clothes. Most people would agree that if you mess up, you should own up. So this is what we're trying to accomplish."

California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California.

The press release issued by the Senators:

Today Senator Tom Carper (D-Del.) joined Senator Bob Bennett, (R-Utah) to re-introduce legislation that helps protect consumers and businesses from identity theft and account fraud.

InfoWatch analytics lab reports, the Russian Federation is considering amending the country’s data protection law, according to BNA’s Privacy Law Watch.

InfoWatch analytics lab reports, Irish data protection controllers should face sanctions for deliberate or reckless breaches of information protection law, a Government appointed review group has concluded.

The obligations of controllers to report security breaches should be set out in a statutory code of practice, which would outline when disclosure of data breaches is mandatory, and failure to highlight such incidents should lead to prosecution, the report by the Data Protection Review Group states.

InfoWatch analytics lab reports, earlier this month (May 1, 2010), Alberta became the first Canadian province to pass a broad breach notice law (“Bill 54”) as part of their comprehensive data privacy statute, the Personal Information Protection Act (“the Act”; technically, Alberta is the second province to pass a breach notice law in Canada, Ontario previously passed a breach notice law that focuses on health information custodians).

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet, or that is kept on laptops and other portable devices.

Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual.” PIPA was also amended to give the Commissioner the power to require organizations to notify individuals to whom there is a real risk of significant harm as a result of such an incident

Michael Adkins of Collas Day summarizes amendments to the Data Protection (Bailiwick of Guernsey) Law. According to Wikipedia, Guernsey is a possession of the UK and not part of the UK nor part of the EU.

Of particular interest in their amendments: