Abstract
Mandatory breach notification is one of the most promising new ideas to enter the privacy regulatory and enforcement debate. There has been widespread and rapid take-up of the idea in the USA since the first breach notification law was enacted in California in 2002. Breach notification has been the subject of intense study around the world and has been recommended in many jurisdictions. Mandatory breach notification is poised to become the norm in data protection and privacy laws in the next five or 10 years. While notification obligations are typically imposed at domestic level, a number of breaches that warrant notification involve companies that hold the personal information of individuals from many jurisdictions. The individuals are situated well beyond the domestic base of a particular company or where a breach might be said to have occurred. The chapter explores aspects of cross-border breach notification. As notification laws become more widespread, companies may be faced with a patchwork of obligations to notify consumers in various jurisdictions in accordance with differing regimes. Obligations may be conflicting, unclear, incomplete or contradictory. The author recommends that notification laws and standards be designed to ensure that coherent and complementary approaches to cross-border notification are taken that will promote better outcomes for all stakeholders, particularly consumers, but also the businesses that must comply with the new laws.
Notes
1. In February 2015, APEC’s Electronic Commerce Steering Group (ECSG) endorsed a plan to update the APEC Privacy Framework in six priority areas based upon changes to the OECD Privacy Guidelines, including adding breach notification as part of the recommended remedies where privacy protections are violated. See Asia-Pacific Economic Co-operation, “APEC Privacy Framework Stocktake: Comparative Review against 2013 Updates to OECD Privacy Guidelines”, Paper prepared by Australia, Canada, New Zealand for the APEC ECSG Privacy Subgroup Meeting, 1 February 2015.
http://mddb.apec.org/Documents/2015/ECSG/DPS1/15_ecsg_dps1_006.pdf
Reference
Asia-Pacific Economic Co-operation, “APEC Privacy Framework Stocktake: Comparative Review against 2013 Updates to OECD Privacy Guidelines”, Paper prepared by Australia, Canada, New Zealand for the APEC ECSG Privacy Subgroup Meeting, 1 February 2015. http://mddb.apec.org/Documents/2015/ECSG/DPS1/15_ecsg_dps1_006.pdf
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Stewart, B. (2016). Cross-Border Breach Notification. In: Wright, D., De Hert, P. (eds) Enforcing Privacy. Law, Governance and Technology Series, vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-25047-2_10
DOI: https://doi.org/10.1007/978-3-319-25047-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25045-8
Online ISBN: 978-3-319-25047-2
eBook Packages: Law and Criminology (R0)