On February 1, 2024, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment....more
Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) announced on October 27, 2023, the Federal Trade Commission (FTC) will require a broad range of nonbank financial institutions to notify the...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
10/19/2023
/ Breach Notification Rule ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Popular ,
Privacy Laws ,
State Privacy Laws
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
10/10/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
FCC ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Proposed Legislation ,
Regulatory Reform ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes
The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment...more
9/27/2023
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment
Cyberattacks continue to plague businesses, making the fallout of data breach notification and response as critical as ever. This year, like 2021, has been relatively quiet as it relates to state updates to breach...more
10/7/2022
/ Amended Rules ,
Biden Administration ,
Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
E-Commerce ,
Internet Retailers ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
State and Local Government
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more
States continue to enhance and expand their breach notification requirements, increasing the scope of breaches that require notice as well as the complexity of compliance. Four jurisdictions—Vermont, the District of Columbia,...more
As more and larger data breaches come to light, states continue to update and expand their breach notification statutes, adding to the patchwork of notification obligations that now exists in every state. Generally speaking,...more
This spring has brought a particularly active round of revisions to state data breach notification laws. Most notably, as of July 1, 2018, every state will have a breach notification law. Alabama and South Dakota both passed...more
The General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and...more
2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well. Before the recent announcement of Equifax’s...more
9/19/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Equifax ,
Hackers ,
Human Resources Professionals ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Tax Fraud ,
Tax Scams ,
Third-Party Service Provider
New Mexico became the 48th state to enact data breach notification legislation with the Data Breach Notification Act, signed in April and effective as of June 16, 2017. Following a round of revisions that removed some of its...more
The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more
In four of the last five years, California’s legislature has updated its data breach notification law, expanding its scope and making the required notifications more specific. This year, the legislature passed three separate...more
Target’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a...more
California, Florida, Kentucky, and Iowa have changed their security breach notification requirements in the past few months: California passed legislation effective January 1, 2015, that for the first time, addresses...more
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more
Courts Split Over Impact of Supreme Court Decision -
The Southern District of California last month let 8 out of 51 claims survive in a putative class action arising out of the 2011 breach of the Sony PlayStation...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
Effective January 1, 2014, California residents must be notified when the information used to access their email or other online accounts is compromised in a data security breach incident.
...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
This is the latest opinion in the ongoing litigation arising out of a massive data breach suffered by Hannaford Bros. grocery stores. In re Hannaford Bros. Privacy Litigation, __F. Supp. 2d __, Case No. 2:08-MD-1954-DBH, 2013...more
A federal judge in the Northern District of California recently added to the growing list of cases rejecting attempts to recover damages resulting from data breaches. In In re LinkedIn User Privacy Litigation, Case no....more