The United States is on track to see a record number of data breaches in 2023 and state regulators are paying attention. The swift action required by victim companies includes containment and elimination of the threat, and...more
The New York Department of Financial Services (the “NY DFS”) has published three new FAQs that interpret certain requirements under its Cybersecurity Regulation (23 NYCRR 500, the “NY DFS Cyber Reg”) related to breaches by...more
To date, six states from Michigan to Alabama have adopted versions of the National Association of Insurance Commissioner’s model insurance data security law (the “NAIC model”). The NAIC model generally requires entities...more
On January 10, 2019, Massachusetts Governor Charlie Baker signed House Bill No. 4806 into law. The bill amends certain provisions of the state data breach notification law, increasing reporting requirements on a person or...more
On January 10, 2019, Massachusetts Governor Baker signed “An Act relative to consumer protection from security breaches” (House Bill No. 4806), which added new requirements and obligations for companies that experience a data...more
What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more
Early this month, the NAIC Cybersecurity (EX) Task Force released a preliminary working and discussion draft of an Insurance Data Security Model Law. While praise worthy in its effort to provide uniformity for data security...more
Rhode Island recently amended its 10-year-old Identity Theft Protection Act effective June 26, 2016, further defining and refining existing data security and breach notification requirements, and adding a requirement to...more
The European Parliament, the Council and the Commission have agreed on the first EU-wide legislation on cybersecurity. Under the new measure, internet companies such as Google, Amazon, eBay and Cisco, but not social...more
On October 14, 2015, the NAIC’s Cybersecurity (EX) Task Force adopted a Cybersecurity Bill of Rights, an aspirational, well-intended document outlining the rights insurance consumers should (or could? or might? this point...more
Retail Tracking Update: Privacy Guidance Following Nomi Technologies
- There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity. Fifteen years ago, TV host Jeremy...more
7/31/2015
/ Breach Notification Rule ,
Canada ,
Confidential Information ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
FOIA ,
Hong Kong ,
Identity Theft ,
Notification Requirements ,
Online Safety for Children ,
PCPD ,
Personal Data ,
PIPEDA ,
Power Grid ,
Retail Tracking ,
Risk Assessment ,
Standing ,
Telecommunications ,
Turkey ,
UNCITRAL