Compliance Obligation & Penalties
BDSG, GDPR, SOX, HIPAA, GLBA, JPIPA, EU-DPA, ISO27001, IT-Act, PCI-DSS, ISAE 3402-3416.

Whether an organization disposes of storage assets by donating them to a charity, sending them to a responsible recycler, or returning leased IT assets, it has an obligation to ensure that no data breach occurs. These obligations arise under various international laws and company policies, and the organization must be able to demonstrate strict compliance. In the event of a data compromise, the organization and its officers face severe financial penalties and the risk of imprisonment.

An organization should also exercise care when IT assets are REASSIGNED INTERNALLY on account of a transfer, resignation, end of project, etc. This becomes particularly important when the same level of confidentiality is NOT maintained across departments.

Data Protection Act

An institutional penalty of € 300,000 or imprisonment up to 2 years

Germany - The German Federal Data Protection Act

Under Section 43 of the Bundesdatenschutzgesetz (BDSG), the German Federal Data Protection Act, administrative offences are punishable by a fine, and anyone wilfully committing an offence specified in Section 43 (2) of this Act in exchange for payment, or with the intention of enriching himself or another person or of harming another person, is liable to imprisonment for up to two years.

General Data Protection Regulation (GDPR) is coming soon

European Union - The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is part of Article 8 of the European Convention on Human Rights. It is currently a draft regulation, due to come into force soon, and will apply to all member countries of the European Union (EU). The GDPR includes a strict data protection compliance regime with severe penalties of up to €100,000,000 or up to 5% of worldwide turnover for an organization in breach of its rules.


Additional implications include high costs of lawsuit, loss of reputation & customer trust that may cause permanent or long-term impact on sustainability of an organization.

An institutional penalty of US$5,000,000 per violation AND imprisonment of up to 20 years.

US - Compliance Requirement

It is a standard compliance requirement that organizations completely erase data, beyond the scope of any recovery, from all IT assets before recycling or reassignment. In the United States, SOX and other regulatory directives applicable to public companies require complete and secure data erasure.

There is no upper limit specified for the compensation that can be claimed by the affected party in such circumstances.

INDIA - Data Protection & Data Privacy

Under Section 43A of the Indian Information Technology Act, 2000, a body corporate that possesses, deals with or handles any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices, resulting in wrongful loss or wrongful gain to any person, may be held liable to pay damages to the person so affected.


