A Comparative Legal Study on Data Breaches in Japan, the U.S., and the U.K.

Abstract : This paper focuses on the liability and duties of data controllers regarding data leaks and compares the relevant legal schemes of Japan, the U.S., and the U.K. There are three primary approaches to reducing or redressing damages caused by data leaks: (1) providing remedies for data leaks; (2) data security obligations; and (3) notification obligations in the event of a data breach. The aim of this article is to compare the measures on data breaches from the above viewpoints and highlight the relevant issues in order to reach an appropriate solution.To address the issues related to data breaches, legal rules among countries should be common to all due to the worldwide circulation of personal data. Nonetheless, different features are recognizable through the analysis in each chapter.Companies in Japan have thus far eagerly abided by data security obligations even if they are ineffective for data protection. Conducting PIAs is another option to prevent security incidents. If data breach notification rules are introduced, the subject matters to be publicized must be identified and followed by enforcement actions. Also, such rules should contribute to the avoidance of secondary harm.In the U.S., while compensations for data leakage and security breach notification rules have apparently been effectively managed, it is needed to reduce serious harm arising from massive data breach. Obliging companies to maintain data traceability might serve this.In the U.K., data breach notification rules imposed as part of the General Data Protection Regulation need to connect with other effective enforcements and contributions to avoiding secondary harm, so as not to become meaningless.We must harmonize the above differences and make ongoing efforts to improve the effectiveness of rules.
Type de document :
Communication dans un congrès
David Kreps; Gordon Fletcher; Marie Griffiths. 12th IFIP International Conference on Human Choice and Computers (HCC), Sep 2016, Salford, United Kingdom. IFIP Advances in Information and Communication Technology, AICT-474, pp.86-105, 2016, Technology and Intimacy: Choice or Coercion. 〈10.1007/978-3-319-44805-3_8〉
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01449452
Contributeur : Hal Ifip <>
Soumis le : lundi 30 janvier 2017 - 14:41:05
Dernière modification le : lundi 30 janvier 2017 - 14:47:59

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Kaori Ishii, Taro Komukai. A Comparative Legal Study on Data Breaches in Japan, the U.S., and the U.K.. David Kreps; Gordon Fletcher; Marie Griffiths. 12th IFIP International Conference on Human Choice and Computers (HCC), Sep 2016, Salford, United Kingdom. IFIP Advances in Information and Communication Technology, AICT-474, pp.86-105, 2016, Technology and Intimacy: Choice or Coercion. 〈10.1007/978-3-319-44805-3_8〉. 〈hal-01449452〉

Partager

Métriques

Consultations de la notice

72