Several states have clarified or tightened their data breach notification statutes since we last updated the Mintz Matrix at the beginning of the year. Please click here for the latest edition of the Mintz Matrix, which is a...more
At the close of Connecticut’s 2021 legislative session, a pair of data protection/cybersecurity related bills made their way to Governor Ned Lamont’s desk, while a CCPA-like omnibus privacy law falling one floor vote short. ...more
As of March 12, 2020, the proposed Washington Privacy Act has foundered on enforcement rocks. The Senate did not agree with the House’s amendment that would have included a broad private right of action. The Senate’s version...more
3/13/2020
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Infectious Diseases ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes
In this post, we offer insights on the revisions recently made by the California Attorney General’s office to Article 4 of its draft regulations pertaining to verification requirements. Article 4 specifies how businesses...more
The Washington Privacy Act has overwhelmingly passed the Washington state senate by a vote of 46-1...more
Back in October, we provided a summary of Article 2 of the California Attorney General’s Initial Proposed CCPA draft regulations, which specify certain notices that must be given to consumers at the time of collection of...more
The House Bill. The House is taking a different approach to drafting a federal privacy bill. On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for...more
1/30/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Cybersecurity Framework ,
Data Collection ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Privacy Laws ,
Reasonable Expectation of Privacy ,
Rulemaking Process ,
State Data Breach Notification Statutes
As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress. The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and...more
1/30/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Privacy Laws ,
Rulemaking Process ,
State Data Breach Notification Statutes
51 tech company CEOs today signed and sent an open letter to Congress asking for help to hold off and supersede the rising number of state privacy laws growing like weeds. The letter was sent on behalf of the Business...more
Significant changes to the Massachusetts data breach notification law take effect on April 11, 2019. You can view the amendment here. If you haven’t looked at your written information security plan, or WISP, in a while, now’s...more
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more
As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. Part of your preparedness program should be staying current on data...more
After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz...more
We are anxiously waiting to learn the fate of the data breach notification statute recently passed by state lawmakers in New Mexico. The bill remains on the desk of the governor who has until the end of the week to sign the...more
Wearable technology continues to do a full court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the...more
During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
Last week the clothing retailer Eddie Bauer LLC issued a press release to announce that its point of sale (“POS”) system at retail stores was compromised by malware for more than six months earlier this year. The...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
6/15/2016
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Encryption ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Phishing Scams ,
PIPA ,
Safe Harbors ,
State Data Breach Notification Statutes
If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more