Management of a security incident or data breach is a complex task, whether in one country or many. The number of countries with laws or rules governing data breaches has grown, even in the short interval.
Identifying the relevant laws and regulations can be a challenge. Because personal data breach reporting requirements around the world are, at present and for the foreseeable future, a mismatched patchwork, this challenge is further magnified.
This is true both in the U.S., with its multiplicity of privacy and breach notification laws, and within Europe, where the requirements currently stem from common European directives and will be covered by the General Data Protection Regulation in the future. Various other countries are also instituting their own data breach reporting requirements.
The aim of this publication is to have a dedicated resource on this subject into a single reference. This guide focuses on the laws around the world as they currently stand at the date of publication.