Question

State laws regarding data privacy and breach notification laws. Please discuss and explain state laws that protect electronic data. Are the laws broad and lack security specifics? What is the problem due to no one comprehensive federal data privacy or security law.

Answer 1

Data Privacy Laws:

Data privacy laws deals with regulating,storing and using personal information of an individual.They prohibit the disclosure or misuse of information about private individuals.

• For all data collected there should be a stated purpose.
• Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual
• Records kept on an individual should be accurate and up to date
• There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting
• Data should be deleted when it is no longer needed for the stated purpose
• Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited
• Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion)

Data Breach Notification Laws:

First of all what is breach?

An unauthorized acquisition of and unauthorized access that materially compromises the security or confidentiality of unencrypted and unredacted computerized personal information maintained as part of a database of personal information regarding multiple individuals.

The main theme of data breach notification laws is:

If any organization or business experience a cyber security data breach through which any of your client and your customer personal information affected.You should go ahead and notify this to client.

This law will be applied to the businesses with 3 million or more TFM.

This law will affect the brand reputation of the organization,so it is recommended to follow all the security mechanisms to mitigate the breach.

Problem:

Failure to implement appropriate data protection policies or to properly notify regulators or individuals is punishable by fines of up to 4% of a company’s global annual turnover.