Breach Notification Rule Data Breach

News & Analysis as of

Retail and Consumer Products Law Roundup - June 2016

President Signs Legislation Modernizing Federal Chemical Regulation Law - Overhaul of Toxic Substances Control Act (TSCA) has important business implications for consumer product manufacturers and retailers. ...more

Illinois Joins the Fray: Strengthens its Laws Around Data Breach Notification and Data Security

Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

Tennessee Legislature Amends Data Breach Notification Statute - Encryption is No Longer an Automatic Safe Harbor

On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more

Insurers Face Increasing Data Breach Notice Obligations

Earlier this year, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force proposed a comprehensive model law that covers, among other things, data security breach reporting. The model law...more

Privacy & Cybersecurity Update - May 2016

In this edition of our Privacy & Cybersecurity Update, we examine recent developments, including the U.S. Supreme Court's holding in Spokeo that consumer plaintiffs must show "real harm" to sue in federal court, the EU data...more

Illinois strengthens, expands scope of personal information protections

With the passage of the Illinois Personal Information Protection Act (HB1260) last month, Illinois substantially broadened the definition of personally identifiable information, and imposed requirements on data collectors for...more

Innocents Abroad: Lost laptop with customer data

Carrie, A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more

Ransomware: Electronic Extortion for a Digital Era

Last month, the FBI asked the American Bar Association to share a cyberalert with its members warning of an increased risk of ransomware. Ransomware poses significant legal and operational risks to businesses. Personnel at...more

Laws Governing Data Security and Privacy – U.S. Jurisdictions at a Glance (updated for 2016)

The attached chart constitutes a summary of the laws of various jurisdictions that govern data breach notifications....more

Strict and far-reaching new EU data protection regime comes into force

The EU General Data Protection Regulation ("GDPR") is now in force, and the clock is officially ticking for businesses to bring their operations into line with its sweeping changes. On 4 May 2016, after more than four...more

Tennessee’s Data-Breach Notice Requirements Among the Nation’s Toughest

On July 1, 2016, Tennessee’s new notice requirements for breaches of data security systems which compromise an individual’s personal information will take effect. The amendments to Tennessee’s current rules, found at T.C.A....more

Georgia Attorney General Supports Federal Data Breach Standard

Georgia Attorney General Sam Olens has come out in support of federal data breach preemption as a more realistic way to ask companies to comply with regulatory requirements in the wake of a breach or data loss incident.  His...more

Canada's PIPEDA: consultation opportunity for data breach reporting regulations

The Canadian government continues to move forward with the regulation development process relating to data breach reporting....more

Breach Response Portal Added by Massachusetts Regulator

If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more

New HIPAA Phase 2 Audits: Targets Notified by Email Only

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced the long-awaited launch of Phase 2 of its HIPAA Audit Program (Phase 2 Audits). The Phase 2 Audits will review the policies...more

Tennessee Significantly Strengthens Its Data Breach Notification Requirements

On March 24, 2016, Tennessee Governor Bill Haslam signed into law Senate Bill 2005 to strengthen Tennessee’s data breach notification requirements. Under the new law, an information holder must provide notice to residents of...more

State Data Security Breach Notification Laws - April 2016

The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more

Privacy Tip #27 – Complying with the new Rhode Island data security law

As we mentioned before, Rhode Island amended its Identity Theft Protection Act on June 30, 2015, which will become effective on June 26, 2016. Now is the time to think about and put processes in place for compliance with the...more

Tennessee Amends Breach Notification Statute

On March 24, 2016, Tennessee’s breach notification statute was amended when Governor Bill Haslam signed into law S.B. 2005. Under the amendment, notification of a data breach must now be provided to any affected...more

Utah’s Personal Information Protection and Data Breach Laws

Utah, like most U.S. states, has enacted laws concerning data security and steps to take when a data breach occurs. Here is what Utah law provides as codified in Utah Code Ann §§ 13–44–101 et seq. The law has been in effect...more

Plan Now to Comply with New Rhode Island Identity Theft Protection Act

Businesses, organizations, state and local governmental entities and individuals who collect and store personal information about Rhode Island residents should start planning now to comply with the new Rhode Island Identity...more

Government Investigations Into Cybersecurity Breaches In Healthcare

In September 2015, a U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG), report found that the Office of Civil Rights (OCR), the agency charged with ensuring compliance with the Health...more

Privacy vs. Data Security: Why Plaintiffs in Consumer Data Breach Cases Still Have a Long Way to Go

The year 2005 really marked the beginning of the “era of data breaches,” and with it, the “era of data breach lawsuits.” The ChoicePoint data breach in late 2004, which first became newsworthy in early 2005, was the catalyst....more

Laws Governing Data Security and Privacy – U.S. Jurisdictions at a Glance (updated for 2016)

The chart blow constitutes a summary of the laws of various jurisdictions that govern data breach notifications. Please see full Publication below for more information. ...more

231 Results
|
View per page
Page: of 10
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×