Data Protection Legislation

Best of Breed Endpoint Security Solutions

Reacting to the ever-growing threat of loss of personal digital data, many countries and states around the world have begun enacting laws and regulations that mandate the protection of private consumer data and notification in the event such data is compromised.

Although varying from region to region, these laws can lead to severe penalties when data breaches occur.

Safend helps you comply with your national or state requirements by providing regulatory compliance maps for the US, Europe, and Asia/Pacific.

State Data Security / Breach Notification Laws:

Enacted in 2003, California SB 1386 was a first in setting clear guidelines for disclosure and for the responsibility of organizations in the event of data breaches leading to the disclosure of personal data. Since then, forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.

Although varying from state to state, most laws contain the following basic elements set by the original California bill:

  1. Notification guidelines: which data is covered by the bill and how soon organizations must notify affected persons.
  2. Penalties for data breach incidents: what penalties the organization is subject to as a result of losing sensitive data or failing to disclose such incidents, and what steps it must take to protect those affected.
  3. Private right of action: what action may be taken by affected consumers, if any.
  4. Exemptions: when companies are exempt from reporting data breaches, if at all. For example, some states provide exemptions for data that has been encrypted or stored on encrypted media.

EU and European Data Protection Legislation:

In Europe, protection of private digital data has taken center stage in recent years. Although there is currently no EU-wide disclosure legislation, national data protection laws have been in place since as early as 1973, in Sweden. This trend has accelerated following the legislation enacted in most US states in the past few years.

In contrast to the US, which focuses on the financial implications of identity theft, Europe has focused on personal privacy. The EU has long had legislation standardizing the handling of its citizens' digital data, relying on the guidelines of EU 95/46. All EU members have Data Commissioners with the legal obligation to act as watchdogs of citizens' privacy and the right to levy fines and jail sentences for mishandling of data.

Today, all EU members, and almost all European countries, have enacted data protection laws and/or set up national authorities for the protection of personal data.

Data Protection Legislation in Asia-Pacific:

Responding to the trend set by countries in Europe and North America, as well as to various international regulations, many countries in the Asia-Pacific region have begun enacting data privacy protection laws and setting up national authorities in charge of promoting and enforcing such regulations.

Although varying from country to country, most privacy protection laws contain a definition of the sensitive data covered by the law, basic requirements for protection, and penalties and responsibilities in the event of data breaches.