data protection

Subscribe to data protection via RSS

Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of state legislative activity to regulate privacy and data security and expand requirements beyond the current data breach notification and data security laws that many states have enacted in recent years. To date, Minnesota is the only state to enact such legislation, which was signed into law by its Governor on May 21, 2007.

Last month the French subsidiary of the U.S. based company, Tyco Healthcare, became the first local branch of a U.S. company to be fined for data protection violations. France’s data protection agency, La Commission Nationale de L’informatique et des Libertes (CNIL) levied a fine of 30,000 euro (or about $40,350) against the company after it both ignored CNIL’s requests for clarification about one of its human resource databases and then made misrepresentations concerning the database to the regulatory agency.

Dubai recently became the first Arab nation to enact a substantial Data Protection Law (DIFC Law No. 1 of 2007) that aims to protect the personal information of its citizens.  In a statement announcing the new law, Dubai called the enactment “pioneering in the region” and an examination of the law reveals that the description is rightly deserved.   The new law will have immediate implications for companies operating in Dubai (and especially those companies that transfer data from one office to another), such as Halliburton, the giant energy company, which recently announced that it is moving its global headquarters from Texas to Dubai.