Ireland Considers Detailed Data Loss Disclosure Guidelines

[security curmudgeon <jericho () attrition org>]

http://www.pcworld.com/article/198474/ireland_considers_detailed_data_loss_disclosure_guidelines.html

Ireland Considers Detailed Data Loss Disclosure Guidelines
Jeremy Kirk, IDG News

Ireland is considering beefing up its data protection rules with more 
detailed guidelines for when an organization should report a data breach.

The proposed code of practice has been published by the Office of the Data 
Protection Commissioner on its Web site and is open for public comment 
through June 18.

The code of practice details the reporting obligations for data handlers 
under Ireland's Data Protection Acts. As in the U.K., Ireland has had its 
share of high-profile data breaches, which likely spurred the creation of 
the code of practice, said William Malcolm, a privacy lawyer with the law 
firm Pinsent Masons.

The code of practice would require organizations to report a breach within 
two working days with some exceptions if strong security measures are 
implemented.

The report would include the nature of the data compromised, what action 
is being taken, how people have been informed or the reason for not 
informing people, actions taken to limit distress to those affected and a 
chronology of events.

All breaches that result in the loss of personal data affecting more than 
100 people would have to be reported unless the personal data was 
encrypted to a "high standard" with a strong password and that password 
had not been compromised.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php