Thursday, April 8, 2010

Data Protection & Risk Management Update -- New Rules, New Standards

Several updates and articles of note:
  • Today's PinHawk Law Technology Daily Digest focuses on information risk management. Editor Curt Meltzer writes: "Data security has taken on added urgency as significant breaches are publicized and government regulation increases. Read about recent developments in the UK, and how they might help the US stay ahead of the curve as US regulators play catch up," and links to several articles and resources on technology and related issues.
  • New UK Data Regime Loss (via the Orange Rag): "The Data Protection Act in the UK requires those who process personal data to ensure that it is kept secure with appropriate technical and organisational measures taken to protect it and that it should not be retained longer than necessary. From 6 April 2010 the Information Commissioner’s Office will be able to impose penalties of up to £500,000 for serious breaches of the Act."
  • Department of Defense Proposes New Information Security Requirements for Contractors (via Hogan & Hartson LLP): "The U.S. Department of Defense (DOD) has issued an advanced notice of proposed rulemaking regarding amendments to the Defense Federal Acquisition Regulation Supplement (DFARS) that would add new data protection requirements for unclassified DOD information used or handled by contractors."
  • Law Technology News: The Evolving Landscape of Data Privacy: "...a broad class of businesses will face an array of new privacy obligations as a result of new requirements adopted on both the federal and state levels. In addition, Congress is actively considering new data privacy legislation that would, among other things, require firms to notify customers in any instance of a data breach."
Readers should also be aware of proposed US legislation, H.R. 2221: Data Accountability and Trust Act (DATA), which passed the House late last year. "DATA would require those entities doing business in interstate commerce that maintain data containing personal information (including those that contract with another party to maintain such data) to comply with future Federal Trade Commission (FTC) regulations designed to protect such data from disclosure, identity theft, and fraud."
