Tuesday, 7 August 2007

Data breach laws to come to the US

The USA is working to push through a national law on data breaches, which is a major shift away from the existing mix of state laws and other regulations. Currently, the requirements for disclosure and the definitions of what counts as personal information vary from state to state, making it tricky to comply if you do business nationwide.

The new laws aren’t yet defined and there’s a lot of complexity to wade through, but the bottom line is that US firms are going to have to take protecting information even more seriously in the future. The indications are the laws are only going to get stricter, and enforcement more enthusiastic.

There’s more detail in this Computerworld article, which has an excellent round-up of existing US and European Union laws and their evolution.

No comments: