2016 Global Data Breach Notification Guide

In today’s global economy, data breach notification requirements raise critical issues for companies in all industry sectors.  Data security threats are diverse and ever-changing.  Intruders are searching for new and innovative ways to penetrate company defenses.  Vulnerabilities are increasing as companies leverage data as a source of revenue and, in the process, expand the surface area for potential attacks.  For example, the Internet of Things (IoT) enables companies to attach sensors associated with IP addresses to everything from home appliances to cars to pills that patients ingest. Estimates indicate there will be as many as 50 billion devices connected to the Internet by 2020. That means there may be literally billions more sources of vulnerabilities in the next five years.  The confluence of greater threats and vulnerabilities will invariably lead to an increase in the volume and severity of data security incidents.  The risks to companies arising from such data breaches are significant, and can include adverse media attention and reputational harm, customer churn, class actions and other claims from customers, employees, and others, shareholder derivative suits, and regulatory/law enforcement actions.  

Given these risks, preparation is essential.  Companies need to proactively align incident response policies, legal counsel, forensics providers, identity theft protection services, and other resources to prepare for data security incidents and to address the notification issues.  Companies also should be aware of the scope and impact of breach notification obligations so as to reduce the potential for notifiable data security incidents across the full life cycle of information management, from product and application design, to data collection and use, and to record retention and secure disposal.        

Baker & McKenzie provides this Global Data Breach Notification Guide as a resource for companies to benchmark the ever-expanding range of global data breach notification requirements. The Guide provides summaries of these requirements in forty-nine (49) jurisdictions, including information about: (i) the scope of the identified data breach notification obligations, (ii) whether individuals, authorities, or others must be notified, (iii) the penalties for non-compliance with the notification obligations, and (iv) other information. As always, a guide is not a substitute for legal advice, and in the event of an actual or potential incident, companies need to engage qualified counsel to advise on the application of local breach notification and other requirements to their particular circumstances.

We hope you keep this Guide close at hand, alongside your copy of the Baker & McKenzie Global Privacy Handbook, as well as the Baker & McKenzie Global Surveillance Law Comparison, and the Baker & McKenzie Global Data Protection Enforcement Report. 
