Light Dark
January 8, 2018 By Monica Dubeau 2 min read
Data Protection
Incident Response

Preparing for the General Data Protection Regulation (GDPR) has been the top priority for privacy professionals in recent months. The GDPR was put forth by the European Union (EU) and goes into effect in May 2018. The regulation includes some of the tightest data breach notification deadlines and potential penalties of any of the existing privacy regulations globally.

But what’s lurking in the shadow of the GDPR? There are other changes to data breach notification regulations that took effect in 2018. Privacy professionals around the world need to take note and tackle these regulations too.

Australia’s Notifiable Data Breaches Scheme

The Notifiable Data Breaches Scheme in Australia, which went into effect in February 2018, requires Australian businesses and government agencies to quickly notify affected individuals of data breach incidents that pose a likely risk of serious harm. Notification to the Australian Information Commissioner will also be required.

Listen to the podcast: What You Need to Know about the Changes to the Australian Privacy Act

Canada’s Personal Information Protection and Electronic Documents Act

Canada’s mandatory notification requirement under the Personal Information Protection and Electronic Documents Act (PIPEDA) was enforced in early 2018. Under PIPEDA, notification to the individual and the Office of the Privacy Commissioner of Canada will be required when there is a real risk of significant harm to the affected individual.

Maryland and Delaware Privacy Regulations

In the U.S., Maryland and Delaware amended their current data breach notification statutes in 2018. Both states are following in the footsteps of several other states by imposing tighter notification time frames. Maryland implemented a 45-day notification timeline, and Delaware will require affected individuals to be notified within 60 days. Both states have also expanded upon their definition of personal information.

Data breach notification requirements are constantly evolving, and organizations globally must ensure they keep up to date with the changes to remain compliant. It’s never too soon to consider future requirements and how they will affect your business practices.

Learn how the IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform can help make your privacy breach notification process fast, efficient and compliant.

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including GDPR. IBM does not provide legal advice and does not represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

 |  | 
Monica Dubeau

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature