Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
Canadian Bill Seeks Mandatory Data Breach Notification
Mandatory data breach notification may soon become federal law in Canada. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA currently does not contain any breach notification provisions. The proposed update would require entities to notify both affected … Continue reading
PCI Security Standards Council Releases Guidelines for Virtual Environments
On June 14, the PCI Security Standards Council released new guidelines [pdf] directed to entities that process payment card data in virtual environments. These guidelines do not add additional requirements to the PCI-DSS 2.0 standard. Rather, they are an outline for applying the existing standard in the context of virtual platforms, including cloud computing. In … Continue reading
Third Circuit Holds that Students Have Right to Mock School Officials Online
The Third Circuit Court of Appeals recently issued two landmark opinions concerning the legally permissible scope of school district control over student expression on the Internet. In Layshock v. Hermitage School District [pdf] and J.S. v. Blue Mountain School District [pdf] — two simultaneous opinions filed by the Third Circuit — the court held that … Continue reading
European Union Directives Will Require Mandatory Data Breach Notification
Proposed revisions to the European Union’s Data Protection Directive have been a hot topic in recent months. A “Directive”, for those unfamiliar, is a legislative act of the European Union which requires all EU member states to implement laws to achieve a particular result. As enacted, the Data Protection Directive lacks mandatory data breach notification … Continue reading