Continued cyberthreats drove expanded data security and breach notification requirements in 2024.
Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a...more
12/16/2024
/ Audits ,
Breach Notification Rule ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
FCC ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Privacy Laws ,
Proposed Regulation ,
Securities and Exchange Commission (SEC)
The Federal Trade Commission (FTC) announced a complaint and proposed consent order against Marriott International Inc. and its subsidiary, Starwood Hotels & Resorts Worldwide LLC, on October 9, 2024, concerning three alleged...more
On February 1, 2024, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment....more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
10/19/2023
/ Breach Notification Rule ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Popular ,
Privacy Laws ,
State Privacy Laws
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
10/10/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
FCC ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Proposed Legislation ,
Regulatory Reform ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes
The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment...more
9/27/2023
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment
Cyberattacks continue to plague businesses, making the fallout of data breach notification and response as critical as ever. This year, like 2021, has been relatively quiet as it relates to state updates to breach...more
10/7/2022
/ Amended Rules ,
Biden Administration ,
Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
E-Commerce ,
Internet Retailers ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
State and Local Government
States continue to enhance and expand their breach notification requirements, increasing the scope of breaches that require notice as well as the complexity of compliance. Four jurisdictions—Vermont, the District of Columbia,...more
2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well. Before the recent announcement of Equifax’s...more
9/19/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Equifax ,
Hackers ,
Human Resources Professionals ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Tax Fraud ,
Tax Scams ,
Third-Party Service Provider
New Mexico became the 48th state to enact data breach notification legislation with the Data Breach Notification Act, signed in April and effective as of June 16, 2017. Following a round of revisions that removed some of its...more