In today’s global economy, data breach notification requirements raise critical issues for companies in all industry sectors. Data security threats are diverse and ever-changing. Intruders are searching for new and innovative ways to penetrate company defenses. Vulnerabilities are increasing as companies leverage data as a source of revenue and, in the process, expand the surface area for potential attacks. For example, the Internet of Things (IoT) enables companies to attach sensors associated with IP addresses to everything from home appliances to cars to pills that patients ingest. Estimates indicate there will be as many as 50 billion devices connected to the Internet by 2020. That means there may be literally billions more sources of vulnerabilities in the next five years. The confluence of greater threats and vulnerabilities will invariably lead to an increase in the volume and severity of data security incidents. The risks to companies arising from such data breaches are significant, and can include adverse media attention and reputational harm, customer churn, class actions and other claims from customers, employees, and others, shareholder derivative suits, and regulatory/law enforcement actions.
Given these risks, preparation is essential. Companies need to proactively align incident response policies, legal counsel, forensics providers, identity theft protection services, and other resources to prepare for data security incidents and to address the notification issues. Companies also should be aware of the scope and impact of breach notification obligations so as to reduce the potential for notifiable data security incidents across the full life cycle of information management, from product and application design, to data collection and use, and to record retention and secure disposal.
Baker McKenzie's Global Data Breach Notification Guide acts as a valuable resource for companies to benchmark the ever-expanding range of global data breach notification requirements. The Guide provides summaries of these requirements in forty-nine (49) jurisdictions, including information about: (i) the scope of the identified data breach notification obligations, (ii) whether individuals, authorities, or others must be notified, (iii) the penalties for non-compliance with the notification obligations, and (iv) other information.
We hope you keep the Data Breach Notification Guide close at hand, alongside a copy of the Global Privacy Handbook, the Global Surveillance Law Comparison Guide, and the Global Data Protection Enforcement Report. You may also visit our b:INFORM website to find articles about recent legal developments and technology trends, including developments on breach notification requirements, EU GDPR, and other global data privacy, security, and information management issues.
You may also access the online version of the Guide.