Continued cyberthreats drove expanded data security and breach notification requirements in 2024.
Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a...more
12/16/2024
/ Audits ,
Breach Notification Rule ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Privacy Laws ,
Proposed Regulation ,
Securities and Exchange Commission (SEC)
Perkins Coie’s Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
11/26/2024
/ Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Information Technology ,
New Legislation ,
Notification Requirements ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda ,
Security Breach ,
State and Local Government ,
State Data Breach Notification Statutes ,
State Privacy Laws ,
Third-Party
As the holiday shopping season kicks into high gear, it also becomes a prime opportunity for cybercriminals to target retailers, their suppliers, and their customers. As The Hacker News reports, criminal use of artificial...more
11/22/2024
/ Artificial Intelligence ,
Bots ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Holidays ,
Incident Response Plans ,
Retail Market ,
Retailers ,
Risk Management ,
Scams ,
Suppliers ,
Technology Sector
The Federal Trade Commission (FTC) announced a complaint and proposed consent order against Marriott International Inc. and its subsidiary, Starwood Hotels & Resorts Worldwide LLC, on October 9, 2024, concerning three alleged...more
Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to...more
9/30/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
FCC ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Popular ,
Regulation S-P ,
Regulatory Requirements ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State and Local Government ,
State Data Breach Notification Statutes
On February 1, 2024, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment....more
Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) announced on October 27, 2023, the Federal Trade Commission (FTC) will require a broad range of nonbank financial institutions to notify the...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
10/19/2023
/ Breach Notification Rule ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Popular ,
Privacy Laws ,
State Privacy Laws
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
10/10/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
FCC ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Proposed Legislation ,
Regulatory Reform ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes
The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment...more
9/27/2023
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment
Cyberattacks continue to plague businesses, making the fallout of data breach notification and response as critical as ever. This year, like 2021, has been relatively quiet as it relates to state updates to breach...more
10/7/2022
/ Amended Rules ,
Biden Administration ,
Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
E-Commerce ,
Internet Retailers ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
State and Local Government
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more
States continue to enhance and expand their breach notification requirements, increasing the scope of breaches that require notice as well as the complexity of compliance. Four jurisdictions—Vermont, the District of Columbia,...more
As more and larger data breaches come to light, states continue to update and expand their breach notification statutes, adding to the patchwork of notification obligations that now exists in every state. Generally speaking,...more
This spring has brought a particularly active round of revisions to state data breach notification laws. Most notably, as of July 1, 2018, every state will have a breach notification law. Alabama and South Dakota both passed...more
The General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and...more
2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well. Before the recent announcement of Equifax’s...more
9/19/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Equifax ,
Hackers ,
Human Resources Professionals ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Tax Fraud ,
Tax Scams ,
Third-Party Service Provider
New Mexico became the 48th state to enact data breach notification legislation with the Data Breach Notification Act, signed in April and effective as of June 16, 2017. Following a round of revisions that removed some of its...more
The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more
In four of the last five years, California’s legislature has updated its data breach notification law, expanding its scope and making the required notifications more specific. This year, the legislature passed three separate...more
Target’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a...more
California, Florida, Kentucky, and Iowa have changed their security breach notification requirements in the past few months: California passed legislation effective January 1, 2015, that for the first time, addresses...more
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more
Courts Split Over Impact of Supreme Court Decision -
The Southern District of California last month let 8 out of 51 claims survive in a putative class action arising out of the 2011 breach of the Sony PlayStation...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more