2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
The legal landscapes for privacy and cybersecurity continue to evolve rapidly, presenting both challenges and opportunities for innovative companies. Indeed, 2024 was a busy year, with the enactment of a number of new federal...more
On December 21, 2024, New York Gov. Kathy Hochul signed into law S2659-B/A8872-A, which, effective immediately, changed timing requirements for notice under New York’s data breach notification law and expanded the list of...more
Perkins Coie’s Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
The Rhode Island Legislature enacted its comprehensive data privacy law on July 1, 2024. The Data Transparency and Privacy Protection Act (H 7787, or the “RI-DTPPA”) was enacted in response to growing concerns about data...more
When it comes to data privacy and regulation of personal information, United States companies face a number of major challenges. Compliance is not easy when you have fast-moving targets. The single biggest cause of this...more
Consistent with recent trends in broadening the scope of state data breach notification statutes, Connecticut and Florida have expanded the definitions of personal information under their respective data breach notification...more
Non-bank financial institutions will have a new data breach disclosure requirement effective May 13, 2024. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule (“Safeguards Rule”), adding...more
Rutters, a prominent grocery chain in Pennsylvania with 80 locations statewide, settled a data breach investigation with Attorney General (AG) Michelle Henry’s office by agreeing to pay $1 million and to implement certain...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
On 7 September 2023, the Saudi Data & Artificial Intelligence Authority (SDAIA) published the (i) Implementing Regulations of the Personal Data Protection Law (PDPL) and (ii) Regulation on Personal Data Transfer outside the...more
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework - Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...more
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies...more
Texas amended its data breach notification law to significantly tighten the deadline for notifying the state attorney general (AG) of a data breach affecting 250 or more state residents. Senate Bill 768, which amended Section...more
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
On March 29th, Iowa Governor Kim Reynolds signed Senate Bill 262 into law, making Iowa only the 6th U.S. state to enact a Consumer Data Privacy Rights Law. ...more
An Iowa comprehensive privacy law bill titled An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions recently passed both chambers of the Iowa legislature with no...more
With the unanimous passage of Senate File 262 by the Iowa House and Senate and the Governor's signature Tuesday, the Hawkeye State joins California, Colorado, Connecticut, Virginia, and Utah as one of six states with a...more
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...more
While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy compliance programs and the subject of important legal developments....more
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021. This episode takes us deeper into the expanding...more
March was a busy month for data privacy and security, especially as it relates to health care entities. To help keep you up to date with the changes, we’ve included a few highlights for you below... ...more
CYBERSECURITY - Okta Notifies Customers of LAPSUS$ Attack - Okta, which markets itself as a “leading provider of identity” in the health care, public sector, energy, financial services, technology, travel and hospitality,...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored...more
Over the last several months, a minority of states amended their data breach notification statutes or enacted sector-specific breach notification requirements. ...more