2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
The legal landscapes for privacy and cybersecurity continue to evolve rapidly, presenting both challenges and opportunities for innovative companies. Indeed, 2024 was a busy year, with the enactment of a number of new federal...more
On December 21, 2024, New York Gov. Kathy Hochul signed into law S2659-B/A8872-A, which, effective immediately, changed timing requirements for notice under New York’s data breach notification law and expanded the list of...more
Cyber incidents have been growing at an exponential rate in recent years. A recent report from the Identity Theft Resource Center found that there were over one billion data breach victims in Q2 of 2024, which is around five...more
The Rhode Island Legislature enacted its comprehensive data privacy law on July 1, 2024. The Data Transparency and Privacy Protection Act (H 7787, or the “RI-DTPPA”) was enacted in response to growing concerns about data...more
Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike...more
When it comes to data privacy and regulation of personal information, United States companies face a number of major challenges. Compliance is not easy when you have fast-moving targets. The single biggest cause of this...more
Consistent with recent trends in broadening the scope of state data breach notification statutes, Connecticut and Florida have expanded the definitions of personal information under their respective data breach notification...more
Non-bank financial institutions will have a new data breach disclosure requirement effective May 13, 2024. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule (“Safeguards Rule”), adding...more
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
Rutters, a prominent grocery chain in Pennsylvania with 80 locations statewide, settled a data breach investigation with Attorney General (AG) Michelle Henry’s office by agreeing to pay $1 million and to implement certain...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework - Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...more
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies...more
Texas amended its data breach notification law to significantly tighten the deadline for notifying the state attorney general (AG) of a data breach affecting 250 or more state residents. Senate Bill 768, which amended Section...more
On March 29th, Iowa Governor Kim Reynolds signed Senate Bill 262 into law, making Iowa only the 6th U.S. state to enact a Consumer Data Privacy Rights Law. ...more
An Iowa comprehensive privacy law bill titled An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions recently passed both chambers of the Iowa legislature with no...more
With the unanimous passage of Senate File 262 by the Iowa House and Senate and the Governor's signature Tuesday, the Hawkeye State joins California, Colorado, Connecticut, Virginia, and Utah as one of six states with a...more
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Are you using VMware ESXi servers? Why should you worry? Unpatched VMware ESXi servers are actively being attacked against a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware. ...more
PayPal Discloses December 2022 Security Incident Involving Credential Stuffing Attacks - PayPal has begun sending out notification letters to individuals impacted by a security incident that occurred in early December...more
On December 28, 2022, the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) seeking to modernize and strengthen its rules to better protect consumers from the harm caused by breaches...more
What is in store for Privacy and Cybersecurity in 2023 - As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy compliance programs and the subject of important legal developments....more
Scott Seaman—Chicago-based partner and co-chair of Hinshaw's global Insurance Services Practice Group—hosts Hinshaw partner Annmarie Giblin in a discussion about data security plans for businesses and data breach...more