Encryption safe harbours and data breach notification laws

Burdon, Mark, Reid, Jason and Low, Rouhshi (2010) Encryption safe harbours and data breach notification laws. Computer Law and Security Report, 26 5: 520-534. doi:10.1016/j.clsr.2010.07.002

Author Burdon, Mark
Reid, Jason
Low, Rouhshi
Title Encryption safe harbours and data breach notification laws
Journal name Computer Law and Security Report
ISSN 0267-3649
1873-6734
Publication date 2010-09
Sub-type Article (original research)
DOI 10.1016/j.clsr.2010.07.002
Volume 26
Issue 5
Start page 520
End page 534
Total pages 15
Place of publication Kidlington, U.K.
Publisher Elsevier Advanced Technology
Collection year 2010
Language eng
Abstract Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework. Copyright © 2010 Mark Burdon, Jason Reid and Rouhshi Low Published by Elsevier Ltd.
Keyword Data breach notification
Encryption
Information security management
Data protection
Q-Index Code CX
Q-Index Status Confirmed Code
Institutional Status Non-UQ

Document type: Journal Article
Sub-type: Article (original research)
Collections: Non HERDC
ERA White List Items
TC Beirne School of Law Publications
Citation counts: Cited 2 times in Scopus
Created: Sat, 26 Mar 2011, 20:02:06 EST by Ms Barbara Thorsen on behalf of T.C. Beirne School of Law