A common nightmare scenario for security leaders today is having a laptop, tablet, or smartphone – loaded with sensitive information – go missing. When devices are lost or stolen and personal data is breached, organizations face increasing obligations to disclose incidents to the affected individuals and/or government agencies. The increased number of data breaches has driven many updates to data legislation this year alone, with more on the horizon. These rules, while also protecting the consumer, place strict requirements on organizations to be prepared for and to respond to any type of incident. Given the changing legislative environment globally, this can be confusing for organizations.
We recently released a whitepaper intended to help security teams understand the basic requirements of data breach notification rules worldwide, including the specific expectations pertaining to mobile incidents, in order to develop effective risk management and compliance strategies.
- New developments in legislation and regulations globally
- An overview of jurisdictions with data breach notification requirements
- Definitions surrounding types of organizations covered, definitions of breach, types of information covered and thresholds for notification
- The call for proof-of-encryption capabilities in order to receive an encryption exemption post-breach
- The process of notification
- Consequences for non-compliance
- Recommendations to prevent, anticipate and handle breaches