South Dakota and Colorado strengthen data breach protections

By on January 29, 2018 Posted in Regulatory response

Norton Rose Fulbright - Data Protection Report blog

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach. South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in … Continue reading

Breach notice becomes law in the Netherlands; 11 things to know

By Floortje Nagelkerke (NL) and Nikolai de Koning on June 1, 2015 Posted in Regulatory response

Data Protection Report - Norton Rose Fulbright

On 26 May 2015, the Dutch Senate passed the Bill on Notification of data leaks. The law imposes an obligation on “data controllers” (the persons or entitis that determine the purpose of and means for processing personal data) in the Netherlands to notify the Dutch Data Protection Authority (CBP) and affected individuals. The law may require … Continue reading

PCI DSS 3.0 Requires Some Service Provider Contract Changes

By Susan Ross (US) on May 12, 2015 Posted in Regulatory response

On April 15, 2015, the PCI Security Standards Council issued Payment Card Industry Data Security Standards (PCI DSS) version 3.1 (PCI DSS v3.1), which contains some “minor updates and clarifications” to PCI DSS v3.0, which went into effect on January 1, 2015.… Continue reading