On August 30, 2012, Taiwan’s Executive Yuan announced that the Personal Data Protection Act will become effective October 1, 2012. The Executive Yuan also proposed several amendments to certain controversial provisions in the Act.
Continue Reading Taiwan Proposes Revisions to Personal Data Protection Act
Liability
New Chinese Legislation Includes Provisions Protecting Personal Information
Posted on
Posted in Information Security, International
In the past two months, Chinese authorities have moved to strengthen laws concerning the protection of personal information. A national law has been amended to protect the confidentiality of personal information contained on national identity cards, and Jiangsu Province has become the first province to implement a personal information regulation applicable across all industry sectors.
Continue Reading New Chinese Legislation Includes Provisions Protecting Personal Information
Senior Google Executives Sentenced for Violation of Italian Privacy Laws
Posted on
In February 24, 2010, an Italian court in Milan found three Google executives guilty of violating applicable Italian privacy laws. The executives were accused of violating Italian law by having allowed a video showing an autistic teenager being bullied to be posted online. The Google executives, Senior Vice President and Chief Legal Officer David Drummond, Chief Privacy Counsel Peter Fleischer and former Chief Financial Officer George Reyes, were fined and received six-month suspended jail sentences.
Continue Reading Senior Google Executives Sentenced for Violation of Italian Privacy Laws
New Chinese Tort Liability Law Contains Provisions Affecting Personal Data
Posted on
On December 26, 2009, the Standing Committee of China’s National People’s Congress passed a landmark new law that contains provisions affecting personal data. The new law will go into effect on July 1, 2010.
The P.R.C. Tort Liability Law is a wide-ranging law that imposes tort liability for matters ranging from environmental damage to product…
Liability for Data Security Auditors
Posted on
A lawsuit that will soon commence in Arizona has the potential to alter the data breach liability landscape by making data security auditors liable for data breaches experienced by the companies they audit. The case, Merrick Bank Corp. v. Savvis Inc., has its origins in events that began in 2003, when Merrick Bank (“Merrick”) offered to hire CardSystems Solutions (“CardSystems”) to process credit card transactions for its merchant customers. The offer was contingent upon CardSystems achieving certification under VISA’s Cardholder Information Security Program (“CISP”), which is the predecessor to the Payment Card Industry Data Security Standard (“PCI DSS”). Savvis audited CardSystems in 2004 and found that it had “implemented sufficient security solutions” and followed “industry best practices.” VISA certified CardSystems shortly after receiving Savvis’ audit report. In 2005, CardSystems revealed that it had experienced an information security breach that compromised forty million payment cards.
Continue Reading Liability for Data Security Auditors