Access the Global Data Breach Notification Guide

Select a Jurisdiction
Compare
Selected Jurisdictions
Select a Jurisdiction
Selected Topics
Select a Topic
Choose Jurisdictions to Compare
Choose a Topic
Type to filter topics
[{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4477b1d8-e9d5-4848-a0ab-11738b730c8d","Name":"a. General scope of the breach notice requirement.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"17afb16b-8ba5-4493-9a5d-be75cbf4002e","Name":"b. The definition or standard of a covered \"data breach.\"","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"828fa78d-9c57-4e46-a45e-0ccc69906b53","Name":"c. Whether it is mandatory to notify affected individuals.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"5b8f8d90-4eb9-44f7-beeb-39a54399efea","Name":"d. Whether it is mandatory to notify any government authorities.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"5e042608-9312-4d03-954b-9bf357368e4c","Name":"e. Whether any other parties may need to be notified of the incident.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4f5ee6af-5cb6-4dd1-a13e-3ca448420ada","Name":"f. Whether the above rules are different if the company is acting as a data processor\/service provider, and not acting as the data controller\/owner of the information at issue.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"d5260be3-0053-4c86-94ce-5925d8fc2402","Name":"g. What are the potential penalties for non-compliance with the breach notice obligation?","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"66a96986-8575-4bde-9cab-841cf886627d","Name":"Law or Regulation","SortOrder":0,"Synonyms":[]}]

Global Data Breach Notification Guide

Editor's Note

In today’s global economy, data breach notification requirements raise critical issues for companies in all industry sectors.  Data security threats are diverse and ever-changing.  Intruders are searching for new and innovative ways to penetrate company defenses.  Vulnerabilities are increasing as companies leverage data as a source of revenue and, in the process, expand the surface area for potential attacks.  For example, the Internet of Things (IoT) enables companies to attach sensors associated with IP addresses to everything from home appliances to cars to pills that patients ingest. Estimates indicate there will be as many as 50 billion devices connected to the Internet by 2020. That means there may be literally billions more sources of vulnerabilities in the next five years.  The confluence of greater threats and vulnerabilities will invariably lead to an increase in the volume and severity of data security incidents.  The risks to companies arising from such data breaches are significant, and can include adverse media attention and reputational harm, customer churn, class actions and other claims from customers, employees, and others, shareholder derivative suits, and regulatory/law enforcement actions. 

Given these risks, preparation is essential.  Companies need to proactively align incident response policies, legal counsel, forensics providers, identity theft protection services, and other resources to prepare for data security incidents and to address the notification issues.  Companies also should be aware of the scope and impact of breach notification obligations so as to reduce the potential for notifiable data security incidents across the full life cycle of information management, from product and application design, to data collection and use, and to record retention and secure disposal.        

Baker & McKenzie provides this Global Data Breach Notification Guide as a resource for companies to benchmark the ever expanding range of global data breach notification requirements.  The Guide provides summaries of these requirements in forty-nine (49) jurisdictions, including information about: (i) the scope of the identified data breach notification obligations, (ii) whether individuals, authorities, or others must be notified, (iii) the penalties for non-compliance with the notification obligations, and (iv) other information. As always, a guide is not a substitute for legal advice, and in the event of an actual or potential incident, companies need to engage qualified counsel to advise on the application of local breach notification and other requirements to their particular circumstances.

We hope you keep this Guide close at hand, alongside your copy of the Baker & McKenzie Global Privacy Handbook, as well as the Baker & McKenzie Global Surveillance Law Comparison, and the Baker & McKenzie Global Data Protection Enforcement Report. Do visit our b:INFORM website for recent developments and technology trends, including developments on breach notification requirements, EU General Data Protection Regulation (“GDPR”), and other global data privacy, security, and information management issues.  Also, please feel free to contact any member of the Baker & McKenzie Global IT/C Data Security Leadership Team with any questions, or your usual Baker & McKenzie contact.




Chair, Global IT/C Data Security Working Group

{"Categories":[{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"3f7007ec-b290-4bf5-9717-09d7cae7f808","Name":"Germany","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"a98a64a4-25a3-472e-a70b-0c6af9d32b49","Name":"China","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"66ba681e-8e44-48d9-89d8-0f878e9d2b2a","Name":"Malaysia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"22f4817a-b2ee-4f95-b451-10fe2533048e","Name":"Luxembourg","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"61d6f4b1-ab16-4110-9fdf-11d99f86a12e","Name":"South Korea","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"31655182-9913-461d-a07b-1dde92b30156","Name":"Switzerland","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"511d7c1a-cfa6-440f-ac12-2f6a6c19f3c6","Name":"Australia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"2271f538-0585-4885-9462-42f4f0e40c28","Name":"New Zealand","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"46a97512-1e31-4246-9446-4540734327b0","Name":"Czech Republic","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"31500176-a729-4610-b7e7-4a1b4175c760","Name":"Sweden","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"34594754-862a-483c-a3fa-4fb08a3e6c42","Name":"South Africa","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"f1c892d8-4cff-4657-bd0d-5340c115b15f","Name":"Colombia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"d44380d7-848f-4c61-b725-53621e686a78","Name":"Denmark","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"2e3870b0-a826-46cc-9d31-583292ce9a4a","Name":"Ireland","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"ae529890-6dc3-44c5-96a1-60990d93aea0","Name":"Mexico","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"e84f832c-5ed3-42fc-9beb-6196b6bc873b","Name":"Uruguay","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"f43fd59d-4b4e-4ec9-add0-668eed38b806","Name":"Taiwan","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"549a9500-e4f5-4e1a-85f3-6eb3e64e0498","Name":"Indonesia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"7091e845-740e-4993-9bf1-71cbe926f205","Name":"Argentina","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"7a5f805e-1278-41a2-a10f-7bcd37054cde","Name":"United Kingdom","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"b4152451-4a88-40b4-bbed-7fb9f61791a7","Name":"Turkey","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"ee5b52bf-893b-40ce-ba3a-8ec8a43acf92","Name":"Canada","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"b86c3a10-46b1-4a62-819e-919e80a0bad0","Name":"Japan","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"270edbb4-0a1d-4a60-84b4-9bf9c5971d82","Name":"Norway","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"2ad17687-7469-4182-b9c6-9eca901fd054","Name":"Russia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"82ec8c61-1010-4700-95bf-9ecce208c2d4","Name":"Brazil","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"0d62abda-a293-400c-9097-a002930dc2fd","Name":"Philippines","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"98a6bab7-3a61-4000-9299-a0b9c92c11bf","Name":"Portugal","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4d9431e3-b8a6-457f-a0d5-b12b196386ac","Name":"Vietnam","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"9c918498-c16d-4a6b-8a01-b580771f4ac3","Name":"France","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"45bb810b-a862-44fd-be3c-b85cc6b26e05","Name":"Belgium","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"89a58e29-9801-42a8-93e5-bd04bf03db88","Name":"Ukraine","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"b381b730-2863-440f-9621-bf229bfa4bc0","Name":"Hong Kong","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"70db3dc1-3234-4669-abb0-c27310f93afd","Name":"Poland","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"ea90a15b-9c32-4d3d-a085-c408f175df5b","Name":"United States","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"6912988d-4706-4d6e-b442-cb8f2f1b1a89","Name":"Singapore","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4a6da699-800a-4dcf-b2f5-d6a71a4b2332","Name":"Saudi Arabia","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"499f3a0b-42a8-492a-8505-d76eaed5e8b1","Name":"Iceland","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"479e409d-e740-4809-8362-db6d609fc72e","Name":"Hungary","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"137fc591-75dd-4584-9fae-df8c253b6d2b","Name":"Austria","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"36ea089e-7b64-4420-8eb9-e82bdaa65b92","Name":"Italy","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"9b026665-d7a4-4bb3-965f-ea1cf4eee2fd","Name":"Spain","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"3f62e834-f11a-4d71-ae0f-eb0c41e866c3","Name":"Thailand","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"680e04de-7155-4e69-98b7-ebb6a273f363","Name":"Israel","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"8aab31e5-beda-4369-abf9-ebe3a4441144","Name":"Netherlands","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4b450419-17cd-4c19-9e94-eea5d273969e","Name":"India","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"698e920d-aa68-4b25-a747-f92ebdc3e93d","Name":"Peru","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"b09f0186-2de4-41db-9cc4-f9ae25d1fc88","Name":"Finland","SortOrder":0},{"CurrencyCode":"","HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"ed6dd7cc-126c-4cef-bd5f-fcd7633df6ff","Name":"Greece","SortOrder":0}],"CategoryGroups":[{"ChildGuids":["7091e845-740e-4993-9bf1-71cbe926f205","82ec8c61-1010-4700-95bf-9ecce208c2d4","f1c892d8-4cff-4657-bd0d-5340c115b15f","ae529890-6dc3-44c5-96a1-60990d93aea0","698e920d-aa68-4b25-a747-f92ebdc3e93d","e84f832c-5ed3-42fc-9beb-6196b6bc873b"],"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"353e2bed-b688-4016-991f-5e55d0e3edf0","Name":"Latin America","SortOrder":0},{"ChildGuids":["511d7c1a-cfa6-440f-ac12-2f6a6c19f3c6","a98a64a4-25a3-472e-a70b-0c6af9d32b49","b381b730-2863-440f-9621-bf229bfa4bc0","4b450419-17cd-4c19-9e94-eea5d273969e","549a9500-e4f5-4e1a-85f3-6eb3e64e0498","b86c3a10-46b1-4a62-819e-919e80a0bad0","66ba681e-8e44-48d9-89d8-0f878e9d2b2a","2271f538-0585-4885-9462-42f4f0e40c28","0d62abda-a293-400c-9097-a002930dc2fd","6912988d-4706-4d6e-b442-cb8f2f1b1a89","61d6f4b1-ab16-4110-9fdf-11d99f86a12e","f43fd59d-4b4e-4ec9-add0-668eed38b806","3f62e834-f11a-4d71-ae0f-eb0c41e866c3","4d9431e3-b8a6-457f-a0d5-b12b196386ac"],"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"83e78c24-de5c-4048-9ddc-58143141a160","Name":"Asia Pacific","SortOrder":1},{"ChildGuids":["ee5b52bf-893b-40ce-ba3a-8ec8a43acf92","ea90a15b-9c32-4d3d-a085-c408f175df5b"],"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"75dfcb80-7872-4c19-aa92-fc60d8185363","Name":"North America","SortOrder":2},{"ChildGuids":["137fc591-75dd-4584-9fae-df8c253b6d2b","45bb810b-a862-44fd-be3c-b85cc6b26e05","46a97512-1e31-4246-9446-4540734327b0","d44380d7-848f-4c61-b725-53621e686a78","b09f0186-2de4-41db-9cc4-f9ae25d1fc88","9c918498-c16d-4a6b-8a01-b580771f4ac3","3f7007ec-b290-4bf5-9717-09d7cae7f808","ed6dd7cc-126c-4cef-bd5f-fcd7633df6ff","479e409d-e740-4809-8362-db6d609fc72e","499f3a0b-42a8-492a-8505-d76eaed5e8b1","2e3870b0-a826-46cc-9d31-583292ce9a4a","680e04de-7155-4e69-98b7-ebb6a273f363","36ea089e-7b64-4420-8eb9-e82bdaa65b92","22f4817a-b2ee-4f95-b451-10fe2533048e","8aab31e5-beda-4369-abf9-ebe3a4441144","270edbb4-0a1d-4a60-84b4-9bf9c5971d82","70db3dc1-3234-4669-abb0-c27310f93afd","98a6bab7-3a61-4000-9299-a0b9c92c11bf","2ad17687-7469-4182-b9c6-9eca901fd054","4a6da699-800a-4dcf-b2f5-d6a71a4b2332","34594754-862a-483c-a3fa-4fb08a3e6c42","9b026665-d7a4-4bb3-965f-ea1cf4eee2fd","31500176-a729-4610-b7e7-4a1b4175c760","31655182-9913-461d-a07b-1dde92b30156","b4152451-4a88-40b4-bbed-7fb9f61791a7","89a58e29-9801-42a8-93e5-bd04bf03db88","7a5f805e-1278-41a2-a10f-7bcd37054cde"],"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"adb942c5-6c6c-486f-a6cf-008241abb175","Name":"EMEA","SortOrder":3}],"Items":[],"SelectedTopicViews":[],"TopicGroups":[{"ChildGuids":["66a96986-8575-4bde-9cab-841cf886627d","4477b1d8-e9d5-4848-a0ab-11738b730c8d","17afb16b-8ba5-4493-9a5d-be75cbf4002e","828fa78d-9c57-4e46-a45e-0ccc69906b53","5b8f8d90-4eb9-44f7-beeb-39a54399efea","5e042608-9312-4d03-954b-9bf357368e4c","4f5ee6af-5cb6-4dd1-a13e-3ca448420ada","d5260be3-0053-4c86-94ce-5925d8fc2402"],"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"fa6845ca-c10f-47d3-9d2c-3419a3f24e27","Name":"Data Breach Notification","SortOrder":0}],"Topics":[{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4477b1d8-e9d5-4848-a0ab-11738b730c8d","Name":"a. General scope of the breach notice requirement.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"17afb16b-8ba5-4493-9a5d-be75cbf4002e","Name":"b. The definition or standard of a covered \"data breach.\"","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"828fa78d-9c57-4e46-a45e-0ccc69906b53","Name":"c. Whether it is mandatory to notify affected individuals.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"5b8f8d90-4eb9-44f7-beeb-39a54399efea","Name":"d. Whether it is mandatory to notify any government authorities.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"5e042608-9312-4d03-954b-9bf357368e4c","Name":"e. Whether any other parties may need to be notified of the incident.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"4f5ee6af-5cb6-4dd1-a13e-3ca448420ada","Name":"f. Whether the above rules are different if the company is acting as a data processor\/service provider, and not acting as the data controller\/owner of the information at issue.","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"d5260be3-0053-4c86-94ce-5925d8fc2402","Name":"g. What are the potential penalties for non-compliance with the breach notice obligation?","SortOrder":0,"Synonyms":[]},{"HandbookId":"bba00134-fb49-4f00-9c61-048b568a318f","Id":"66a96986-8575-4bde-9cab-841cf886627d","Name":"Law or Regulation","SortOrder":0,"Synonyms":[]}]}
{"CategoryViewUrl":"\/category","ComparisonViewUrl":"\/comparison","InternalComparisonEditUrl":"\/comparison","IsVerticalComapisonSite":false,"LandingPageUrl":"\/databreach","PublicComparisonCreatorUrl":null,"PublicComparisonViewUrl":null,"VerticalViewUrl":null}
{"CategoryViewAvailableExports":["PDF"],"ComparisonVerticalViewAvailableExports":[],"ComparisonViewAvailableExports":["PDF"],"ExportCommentsField":false,"ExportPageBreakSeparator":true,"HideEmptyTopicGroupVerticalView":false,"IsGmapSite":false,"OpenComparisonWizardOnComparePage":false,"PublicComparisonIsActive":false,"TopicEnumeration":0,"TopicGroupEnumeration":1,"TopicGroupEnumerationSeed":0,"TopicGroupImageBGColor":"","TypeAheadTopicNumbering":false,"VerticalViewAvailableExports":[]}
Working