The Obama Administration is expected to endorse comprehensive privacy legislation at tomorrow’s Senate Commerce Committee hearing on “The State of Online Consumer Privacy.” Our understanding is that the administration will call for a “privacy bill of rights” that would require, among other things, that consumers be given access to the data collected about them online and…

A data protection bill is ready for consideration by the Filipino House of Representatives.  If made law, H.B. 1554 would be the first comprehensive data protection law in the Philippines.  The new legislation, intended to align with APEC principles, incorporates familiar fair processing principles, such as collecting personal data for a specified purpose, controls on the excessive…

According to the annual Ponemon Institute survey report released March 8, 2011 in 2010, U.S. companies affected by data breaches incurred an average cost of $7.2 million per incident.  (In comparison, in 2009, companies reported an average cost of $6.75 million).  The Ponemon survey identified a number of other interesting trends:

• Companies are responding to data

…

As we reported in a prior post, there is a developing legislative trend to restrict employers’ use of credit report information in making adverse employment decisions (e.g., hiring, promotion, termination) regarding prospective or current employees.  There are currently 18 states considering legislation in this area: California, Indiana, Kentucky, Missouri, Nebraska, New Mexico, New York,…

Mexico’s data protection oversight body, the Federal Transparency and Data Protection Institute has indicated that it expects the draft implementing regulations that will bring into effect the new Mexican federal privacy statute to be ready in July of this year.  Introduced on July 6, 2010, Mexico’s “Federal Law Protecting Personal Data in Private Possession” is…

A consolidated bill intended to reform data protection legislation in Korea is expected to be debated in the Korean National Assembly this Spring.  The text of the consolidated bill, which was put together in April 2010 and which combines elements of previous draft bills, has not been made public but there are fairly well informed predictions as…

Taiwan’s revised Data Protection Act, which is not yet formally effective, is the first privacy-specific statute in the APAC region to contain an enforceable requirement to notify individuals of a data breach incident.  To date, no other privacy legislation in the Asia region has imposed an enforceable legislative requirement to communicate a data breach incident to individuals.  
A…