Abstract
Against a backdrop of rising data breaches, this article examines the legal developments in the USA and the European Union regarding breach notification. Both the US and the EU have enacted security breach laws requiring disclosure to consumers when their personal information has been breached. But the legislation clearly needs sufficient teeth, such as higher penalties for organizations that sweep data breaches under the rug, monetary compensation for victims, imprisonment for those who intentionally break data protection laws, and enforcement of sanctions. A harmonized data breach notification law for all sectors may still be some way from becoming a reality.
S. Kierkegaard is editor in chief of the International Journal of Private Law.
© 2013 Springer-Verlag London
About this chapter
Cite this chapter
Kierkegaard, S. (2013). Data Insecurity: Scams, Blags & Scalawags. In: Krüger, J., Nickolay, B., Gaycken, S. (eds) The Secure Information Society. Springer, London. https://doi.org/10.1007/978-1-4471-4763-3_5
DOI: https://doi.org/10.1007/978-1-4471-4763-3_5
Publisher Name: Springer, London
Print ISBN: 978-1-4471-4762-6
Online ISBN: 978-1-4471-4763-3
eBook Packages: Computer Science (R0)