Below are snapshots of recent global updates courtesy of Nymity Research.
Legislation: Tennessee Enacts Insurance Data Security Law
Effective July 1, 2021, licensees must maintain board-approved, comprehensive information security and risk management programs (based on size, complexity, and information sensitivity) and report cybersecurity events to the State Insurance Commissioner (no later than 3 business days after the cybersecurity event) and to affected consumers (no later than 45 days after the cybersecurity event).
Risk Assessment: OAIC Australia PIA Best Practices
An organisation undertaking a PIA should include a threshold assessment (consider key privacy elements, including the general purposes for collection, use or disclosure, and any authority under which personal information is collected), a compliance check (determine how the organisation will handle any privacy breaches and whether there are audit and oversight mechanisms in place), and risk management (consider whether any privacy-enhancing technologies can be used and the impact of privacy-invasive technologies).
Connected Cars: China Proposes Car Data Security Law
The proposed draft creates a large number of obligations for car design, manufacture, and service companies, including not collecting personal data by default (unless a data subject consents), providing the contact information of companies responsible for data processing, handling user complaints, storing personal data in China (unless allowed to store abroad through international treaties or a security assessment), and ensuring personal data is protected by effective security measures.
Legislation: Massachusetts Seeks Biometric Protections
If passed, private entities must provide publicly available retention schedules and guidelines for biometric identifiers and information based on those identifiers, and obtain written consent from individuals before collection and use of their information; biometrics cannot be sold, leased or profited from, and any disclosures must fall within the permitted grounds (individual consent, financial transaction completion, legal compliance).