Intralinks Jurisdictional Data Privacy Heat Map Infographic


Upload: intralinks

Post on 18-Nov-2014


DESCRIPTION

To show you the comparative risks of legal proceedings, data access requests across the globe and the implications of data loss, Intralinks has created a Jurisdictional Privacy Heat Map infographic. Countries most likely to prosecute data breaches (in red) generally provide the strongest protections and legal processes to protect data. Read our full blog for more information: http://collaboristablog.com/2014/01/infographic-jurisdictional-data-privacy-heat-map/

TRANSCRIPT

Page 1: Intralinks Jurisdictional Data Privacy Heat Map Infographic

Jurisdictional Privacy Heat Map

Data privacy and the comparative risks of legal proceedings and data access requests

Very low; Low; Possibility of high fines; High possibility of regulatory action and high fines; Highest possibility of high regulatory fines with litigation

Countries most likely to prosecute data breaches (in red) generally provide the strongest protections and legal processes to protect data.

“Confidential Collaboration: How to manage regulatory compliance & data privacy while keeping your data safe.” Authored by Field Fisher Waterhouse, Commissioned by Intralinks, November 2013 | Copyright Intralinks 2013. All rights reserved.

For the full report, please visit www.intralinks.com/compliance.

Top 10 Data Breaches and Fines

Company | Records Lost | Fines/Fees

Sony Online Entertainment (2011) 25M Records $390,000

RockYou! (2009) 32M Records $250,000

Card Systems (2006) 40M Records $16 million

Living Social (2013) 50M Records undisclosed

Evernote (2013) 50M Records “millions”

US Military (2009) 76M Records $25 million

Sony PSN (2012) 77M Records $250 million

AOL (2006) 92M Records $6 million

TJ Maxx (2007) 94M Records $2.5 million

Data law changed: fines of up to $800K USD imposed on organizations that fail to keep data secure and confidential.

Her Majesty's Revenue & Customs lost two disks containing 25 million UK citizens’ personal data.

HTC agreed to establish a comprehensive written security program and undergo independent security audits for 20 years.

The Federal Trade Commission enforced a privacy law action against HTC America for making deceptive claims about its data handling practices.

EU Data Protection Directive requires data controllers to use proper technical and organizational measures to protect personal data from security breaches/breaches of confidentiality.

The Alaska Department of Health and Human Services was forced to pay a settlement of $1.7M USD after it failed to conduct adequate security risk assessments, encrypt portable media containing ePHI, and carry out sufficient security risk awareness training in the workplace.

The UK Information Commissioner fined 2 public authorities over $300K USD for emailing information to the wrong recipients.