The UK Information Commissioner Office ("ICO", the UK data privacy agency) has recently issued an informative code of practice to assist companies collecting personal data so that they can better draft clear privacy notices to data subjects about how the company intends to use personal data, and especially
Data Privacy Laws
Massachusetts Regulators Postpone Compliance Deadline and Issue Revised ID Theft Regulations
Posted on
On Thursday, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) revised and postponed — for the second time — its comprehensive data security regulations. The new deadline for all covered entities to achieve full compliance with the Massachusetts regulations is January 1, 2010.
…
MA Delays Implementation of Information Protection Standards
By Proskauer Rose on
Businesses holding personal information of Massachusetts residents have at least one thing to be thankful for this holiday season. As reported here, Massachusetts earlier this year established strict standards for protection of personal information about Massachusetts residents. Those standards include encryption of electronic data when stored or transmitted and…
MA Issues New Rules for the Protection of Personal Information
By Kristen J. Mathews on
The September 2008 issue of “A Moment of Privacy,” a monthly e-newsletter brought to you by the Privacy and Data Security Practice Group of Proskauer Rose, LLP, has been released.
This month’s question was “I understand that Massachusetts’ new information security rule reaches beyond what other states require. What do…
Leaving Las Vegas . . . IF Encrypted
By S. Montaye Sigmon on
A Nevada law requiring encryption of customer personal information goes into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970 (2007). While the legislation is short in length, it is potentially wide-ranging in scope. In particular, the legislation requires any “business in this State” to encrypt an electronic transmission (other than via facsimile) of “any personal information of a customer” to “a person outside of the secure system of the business unless the business uses encryption to ensure the security of the electronic transmission.” Id.
…
CT’s New SSN Law Is Third 0f Its Kind
By Kristen J. Mathews on
A host of state laws require that companies take measures to protect the confidentiality of the Social Security Numbers that they possess regarding employees and consumers. But Connecticut’s new law, “AN ACT CONCERNING THE CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS,” requires more.
New Connecticut Law Threatens $500,000 Penalty for Privacy Violations
By Proskauer Rose on
On June 10, Connecticut Governor M. Jodi Rell signed into law a bill to safeguard Social Security numbers and other personal information. The law imposes a civil penalty of up to $500,000 on violators. The new law takes effect October 1, 2008.
…
SEC Seeks to Better Protect Investors’ Privacy With Proposed Amendments to Regulation S-P
By Scott Carpenter on
In light of growing concerns over identity theft, data breaches, and the hacking of online brokerage accounts, the Securities and Exchange Commission (“SEC”) has recently proposed new amendments to Regulation S-P – the SEC’s existing privacy rules mandated under the Gramm-Leach-Bliley Act. The SEC’s unanimous approval of these proposed rules signals the Commission’s desire to more closely align its privacy guidelines with those of the Federal Trade Commission (“FTC”) and the Federal Banking Agencies, which adopted data breach notice rules in 2005. For regulated companies, however, the amendments could mean additional costs and liabilities.