A Global Look at Data Breach Laws and Regulations

By: Vajratiya Vajrobol, International Center for AI and Cyber Security Research and Innovations (CCRI), Asia University, Taiwan, vvajratiya@gmail.com

Data breaches are an aspect of the linked digital world that pose major risks to both business security and individual privacy. In response, governments all across the world have passed rules and regulations to protect sensitive data. In this investigation, we will look at instances of data breach laws in several nations, showcasing international initiatives to safeguard personal information and hold organisations responsible for cybersecurity failures.

  • Global Data Breach Legislation

1. The HITECH Act and HIPAA in the United States

Comprehensive guidelines for the security of health information are established in the US by the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA). These regulations penalise healthcare practitioners and their business associates for accessing or disclosing protected health information without authorization and impose stringent security measures [1].

2. General Data Protection Regulation (GDPR) of the European Union

A historic law that affects every member state of the European Union is the GDPR. It establishes guidelines for safeguarding personal information and mandates prompt notification in the event of a data breach [2].

3.Canada – Personal Information Protection and Electronic Documents Act (PIPEDA):

In Canada, PIPEDA regulates how private sector companies gather, utilise, and disclose personal data. Organisations must notify the impacted persons and the Office of the Privacy Commissioner of Canada of substantial data breaches as required by law. Fines and other enforcement actions may follow noncompliance [3].

4. Australia-Notifiable Data Breaches (NDB) Scheme

Under the NDB Scheme, entities covered by the Privacy Act 1988 are required to report qualified data breaches to the Australian Information Commissioner as well as to people. In the event of a violation, this guarantees responsibility and openness and imposes financial consequences for noncompliance [4].

5. Japan – Act on the Protection of Personal Information (APPI)

The APPI in Japan controls how companies handle personal data. Organisations are required to swiftly notify individuals and relevant authorities in the case of a data breach. The necessity of data protection is reinforced by the law’s provisions for sanctions for non-compliance [5].

The international landscape of data breach regulations is indicative of a common commitment to protecting personal data and making companies responsible for cybersecurity failures. These regulations stress the necessity of open communication and prompt response following a breach.


  1. Kempfert, A. E., & Reed, B. D. (2011). Health care reform in the United States: HITECH Act and HIPAA privacy, security, and enforcement issues. FDCC Quarterly, 61(3), 240.
  2. Regulation, G. D. P. (2018). General data protection regulation (GDPR). Intersoft Consulting, Accessed in October, 24(1).
  3. Swartz, N. (2007). Canada reviews PIPEDA. Information Management, 41(2), 8.
  4. Dart, M., & Ahmed, M. (2023, October). Australia’s Notifiable Data Breach Scheme: An Analysis of Risk Management Findings for Healthcare. In International Conference on Health Information Science (pp. 65-78). Singapore: Springer Nature Singapore.
  5. Orito, Y., & Murata, K. (2008). Socio‐cultural analysis of personal information leakage in Japan. Journal of Information, Communication and Ethics in Society, 6(2), 161-171.
  6. Deveci, M., Pamucar, D., Gokasar, I., Köppen, M., Gupta, B. B., & Daim, T. (2023). Evaluation of Metaverse traffic safety implementations using fuzzy Einstein based logarithmic methodology of additive weights and TOPSIS method. Technological Forecasting and Social Change194, 122681.
  7. Chaklader, B., Gupta, B. B., & Panigrahi, P. K. (2023). Analyzing the progress of FINTECH-companies and their integration with new technologies for innovation and entrepreneurship. Journal of Business Research161, 113847.
  8. Casillo, M., Colace, F., Gupta, B. B., Lorusso, A., Marongiu, F., & Santaniello, D. (2022, June). A deep learning approach to protecting cultural heritage buildings through IoT-based systems. In 2022 IEEE International Conference on Smart Computing (SMARTCOMP) (pp. 252-256). IEEE.
  9. Jiao, R., Li, C., Xun, G., Zhang, T., Gupta, B. B., & Yan, G. (2023). A Context-aware Multi-event Identification Method for Non-intrusive Load Monitoring. IEEE Transactions on Consumer Electronics.
  10. Wang, L., Han, C., Zheng, Y., Peng, X., Yang, M., & Gupta, B. (2023). Search for exploratory and exploitative service innovation in manufacturing firms: The role of ties with service intermediaries. Journal of Innovation & Knowledge8(1), 100288.

Cite As:

Vajrobol V. (2024) A Global Look at Data Breach Laws and Regulations, Insights2Techinfo, pp.1

67090cookie-checkA Global Look at Data Breach Laws and Regulations
Share this:

Leave a Reply

Your email address will not be published.