During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were considering new regulations or amendments to their existing security breach laws. We expect there to continue to be significant regulatory activity in the data security space during 2017. As always, we will keep you abreast of changes and will release updated versions of our Mintz Matrix to keep pace with developments in the states.
We are keeping an eye out for signs of support for a national breach notification law. So far, there does not appear to be much political motivation for undertaking this effort. A key sticking point is anxiety among a number of states that a federal law would offer less protection than their existing state law. This is a valid concern since a national standard will only alleviate the significant burden of complying with the present patchwork of state laws if it has broad pre-emptive effect. Only time will tell if state and federal lawmakers can work together to develop a comprehensive nationwide regime for security breach notification and remediation.
Please see full publication below for more information.