If you are in the consumer health space, you have (or at least we hope you have...) figured out by now that there are health-related privacy and security laws and regulations that apply to your business. The Federal Trade...more
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The...more
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in...more
It’s been a busy 2021 legislative session for changes to data breach laws, and that means it is time to review and update your incident response plans. Several states have shortened data breach notification timelines or...more
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
5/16/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Vendor Contacts
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
Five Things You (and Your M&A Diligence Team) Should Know -
Recently it was announced that Verizon would pay $350 million less than it had been prepared to pay previously for Yahoo as a result of data breaches that...more
During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more
The Securities and Exchange Commission (SEC) is investigating whether Yahoo! should have reported the two massive data breaches it experienced earlier to investors, according to individuals with knowledge. The SEC will...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
6/15/2016
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Encryption ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Phishing Scams ,
PIPA ,
Safe Harbors ,
State Data Breach Notification Statutes
If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more
The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more
Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week....more
7/21/2015
/ Auto-Dialed Calls ,
Breach Notification Rule ,
Credit Monitoring ,
Cyber Crimes ,
Data Breach ,
Encryption ,
FCC ,
Hackers ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UCLA ,
UCLA Medical Center
In the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states.
Connecticut is...more
State legislatures are not waiting for Congressional action on a national data breach notification standard.
Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more
This has been a big week for cybersecurity announcements from Washington. In what the White House has called a series of “SOTU Spoilers,” President Obama announced his intention to follow through on some of the...more
Three privacy/security stories that you should know as you start your week:
President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals -
In a series of speeches this week, President...more
sing it with me now….
Five Golden Rules…….(well, five new privacy laws/requirements)
There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and...more
The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more
As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate....more