2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored...more
Over the last several months, a minority of states amended their data breach notification statutes or enacted sector-specific breach notification requirements. ...more
On September 15, 2020, the New York Attorney General (NYAG) reached a Consent and Stipulation Agreement (the “Agreement”) with Dunkin’ Brand’s Inc. a year after filing a lawsuit over the company’s response to cyberattacks in...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”), making key changes to New York’s data breach notification and cybersecurity laws....more
Over the past six months, a significant number of states have amended their data breach notification statutes. Specifically, thirteen states have amended their statutes to: (1) require notice to the State Attorney General,...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table - The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more
CYBERSECURITY - Ticketmaster Hit With Malware Compromising UK Customers’ Data - Ticketmaster has reported that it has “identified malicious software on a customer support product hosted by Inbenta Technologies, an...more
We have frequently reported about how devastating and widespread tax fraud is in the U.S.—in the past affecting hundreds of thousands of U.S. tax payers. Income tax preparers are at risk for cyber intrusions because they hold...more
Snell & Wilmer’s Breach Response Team regularly guides clients through all phases of data breach and cyber incident response, including leading internal investigations related to data breaches and cyber incidents in...more
With South Dakota and Alabama’s new statutes, all 50 states and the District of Columbia have now enacted data breach notification laws. The Oregon and Delaware amended statutes will enhance requirements, and Canada’s new law...more
The Arizona Legislature has significantly expanded and strengthened the state's data breach notification law. The legislation was signed by Arizona Governor Doug Ducey on April 11, 2018....more
On March 28, 2018, Alabama adopted a data privacy law, the Alabama Data Breach Notification Actof 2018 (SB318). While Alabama is one of the last states to adopt such an act, the Act is notable in its requirements, and applies...more
In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by...more
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. ...more
South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more
Given the nearly daily reports of data breaches, ransomware attacks and phishing exploits affecting entities of all sizes, Arizona entities should be aware that Arizona law may require them to provide notice to employees,...more
The last two states which have not passed data breach notification laws are Alabama and South Dakota. Sometimes we make jokes about these states as they are so late to the data breach notification table (California was the...more
Alabama and South Dakota are the only two states that have not passed a data breach notification and reporting law. On March 1, 2018, Alabama got one step closer to not finishing dead last when the Alabama senate passed...more
Any entity that does business in these states or maintains confidential information of their residents should monitor the proposed data breach legislation discussed below: Oregon, New York, Alabama, and Rhode Island....more
With major consumer data breaches making headlines on a semi-regular basis, legislators around the country are starting to hold businesses more accountable for cybersecurity compliance. Industry-specific laws such as HIPAA...more