Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Ireland Considers Detailed Data Loss Disclosure Guidelines

From: security curmudgeon (jerichoattrition.org)
Date: Thu Jun 10 2010 - 14:51:10 CDT


Ireland Considers Detailed Data Loss Disclosure Guidelines
Jeremy Kirk, IDG News

Ireland is considering beefing up its data protection rules with more
detailed guidelines for when an organization should report a data breach.

The proposed code of practice has been published by the Office of the Data
Protection Commissioner on its Web site and is open for public comment
through June 18.

The code of practice details the reporting obligations for data handlers
under Ireland's Data Protection Acts. As in the U.K., Ireland has had its
share of high-profile data breaches, which likely spurred the creation of
the code of practice, said William Malcolm, a privacy lawyer with the law
firm Pinsent Masons.

The code of practice would require organizations to report a breach within
two working days with some exceptions if strong security measures are

The report would include the nature of the data compromised, what action
is being taken, how people have been informed or the reason for not
informing people, actions taken to limit distress to those affected and a
chronology of events.

All breaches that result in the loss of personal data affecting more than
100 people would have to be reported unless the personal data was
encrypted to a "high standard" with a strong password and that password
had not been compromised.

Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.