Breach Notification Rule

News & Analysis as of

Rhode Island Governor signs new comprehensive Identity Theft Protection Act

On June 26, 2015, Rhode Island Governor Gina Raimondo signed Senate Bill S0134, the Rhode Island Identity Theft Protection Act of 2015, which substantially revises the old law, including breach notification. Specifically,...more

State Breach Notification Laws Continue To Change

State breach notification laws continue to be amended to (1) provide for notification of a state attorney general or regulator about a breach in addition to affected individuals, (2) cover breaches involving personal...more

Nevada and Wyoming Expand Breach Notification Laws to Protect Account Credentials

On July 1, 2015, both Nevada and Wyoming’s breach notification law amendments come into force, expanding the definition of Personal Information (“PI”) to include account credentials such as a username or email address. With...more

Canada’s New Privacy Laws Will Require Breach Notice and Affect Private Sector Operations in Canada

It has been a long time coming, but this week the Personal Information Protection and Electronic Documents Act (“PIPEDA”) received a make-over, including new data breach notification provisions, with the enactment of the...more

Even Small Businesses Need To Pay Attention To Data Security

When people think about data breaches, corporate giants like Target, Home Depot and Michael’s spring to mind. But even small businesses holding personal information can face costly consequences if a breach occurs. In the...more

Canada Moves Forward with Mandatory Federal Security Breach Notification Law

On June 18, 2015, the Canadian Minister of Industry announced that the Digital Privacy Act, which amends Canada’s foundational Personal Information Protection and Electronic Documents Act (PIPEDA), has received royal assent...more

Oregon Expands Data Breach Law

The modified law will expand the definition of personal information to include medical information and physical characteristics, and require notification to the state Attorney General. Businesses with customers in Oregon...more

Digital Privacy Act Modernizes PIPEDA

On June 18, 2015, significant portions of the Digital Privacy Act received Royal Assent. This Act, amends the Personal Information Protection and Electronic Documents Act (PIPEDA), and brings important certainty to how...more

Digital Privacy Act Receives Royal Assent, but Breach Notification Provisions Lag Behind

After lengthy debates, Bill S-4, the Digital Privacy Act? finally received royal assent on June 18, 2015, and is now law. The federal government introduced Bill S-4 on April 8, 2014, which marked the government’s third...more

Connecticut Legislature Passes Bill Mandating Identity Theft Protection Services Following Data Breach

Connecticut’s legislature has passed a bill that imposes strict new timing requirements for entities conducting business in the state that experience a data breach, which Governor Malloy reportedly intends to sign into law. ...more

California’s Data Breach Laws

Almost all U.S states have laws about data security and what to do when there’s a data breach. California’s was the landmark law, first taking effect in 2003. Here is what California requires. Who The Laws Apply To....more

Connecticut Amends Data Breach Notification Law

In the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states. Connecticut is...more

Doing Business In Connecticut? There's A New Data Security Law You Should Get To Know

This week the Connecticut House of Representatives passed Senate Bill 949, "An Act Improving Data Security and Agency Effectiveness," (the "Act") which includes new or modified State requirements concerning the security of...more

Connecticut Data Breach Law About To Get Tougher

This past Monday, Connecticut legislators voted unanimously to approve two new changes to Connecticut’s breach notification law. Senate Bill 949 will require businesses to (1) provide at least one year of identity theft...more

Nevada and North Dakota amend state breach notification laws

Nevada has amended its breach notification law, effective July 1, 2015, to include a medical or health insurance identification number and a user name, unique identifier, or e-mail address in combination with a password or...more

April Brings Amendments to Washington and North Dakota Breach Notification Requirements

April saw amendments to Washington State's and North Dakota's breach notification statutes. In a prior Orrick Alert, we discussed some of the implications from the proposed data breach notification amendments in...more

Nevada Broadens Definition of Personal Information for Purpose of Encryption and Breach Notices

On May 13, Nevada passed a new law (A.B. 179) expanding the definition of “personal information” to include a natural person’s first name or initial and last name in combination with: 1) medical and health insurance...more

Also In the News - Data, Privacy, & Security Practice Report - May 2015

ONC Releases Updated Guide To Privacy And Security of Electronic Health Information ? The Office of the National Coordinator for Health Information Technology (“ONC”) recently released Version 2.0 of the Guide to Privacy and...more

North Dakota Focused on Privacy and Information Security; AG Wants to Know if You’ve Been Breached

Come August 1, North Dakota’s Attorney General will expect to hear from you if your company suffers a breach of computerized data affecting more than 250 persons. On April 13 North Dakota Governor Jack Dalrymple signed S....more

Nevada Expands Definition of PI for Purposes of the State’s Breach and Safeguards Laws

Nevada’s recently amended law will, among other things, create the first state mandate to encrypt online account credentials. Specifically, on May 13, 2015, Nevada Governor Sandoval approved a bill (“AB 179”) to expand the...more

State AGs’ Interest in Privacy and Cybersecurity – No End in Sight – REDUX (or, if you prefer, we told you so…)

Reed Smith has been closely following the interest and activities of State AGs in the areas of privacy and cybersecurity, and recently blogged on a major NAAG (National Association of Attorneys General) conference in April on...more

OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys

Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities have reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently sent pre-audit screening surveys...more

New Washington State Data Breach Amendments Mandate Notice to Consumers Within 45 Days of Breach

On April 23, Gov. Jay Inslee signed amendments to Washington state’s data breach notification law. The amendments strengthen protections to consumers and mandate a new time frame and reporting requirements for alerting...more

North Dakota Broadens Reach for Breach Notification

North Dakota recently enacted an amendment that will again tighten its existing breach notification law. The current law, North Dakota Century Code Section 51-30 et. seq., has evolved over time, having been previously amended...more

Advertising Law - May 2015 #2

Data Breach Notification, Cyber Sharing Bills Move Forward - As multiple privacy and data security bills wend their way through the legislative process, three proposals have made significant steps forward. ...more

204 Results
|
View per page
Page: of 9

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×