2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more
Consistent with recent trends in broadening the scope of state data breach notification statutes, Connecticut and Florida have expanded the definitions of personal information under their respective data breach notification...more
Non-bank financial institutions will have a new data breach disclosure requirement effective May 13, 2024. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule (“Safeguards Rule”), adding...more
Rutters, a prominent grocery chain in Pennsylvania with 80 locations statewide, settled a data breach investigation with Attorney General (AG) Michelle Henry’s office by agreeing to pay $1 million and to implement certain...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework - Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...more
Texas amended its data breach notification law to significantly tighten the deadline for notifying the state attorney general (AG) of a data breach affecting 250 or more state residents. Senate Bill 768, which amended Section...more
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
For businesses subject to data breach notification requirements in Utah and Pennsylvania, a series of significant amendments will soon go into effect in both states. ...more
While new comprehensive state privacy laws took most of the headlines this year, security threats and incident response remain key risk factors for privacy compliance programs and the subject of important legal developments....more
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021. This episode takes us deeper into the expanding...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored...more
Over the last several months, a minority of states amended their data breach notification statutes or enacted sector-specific breach notification requirements. ...more
As the onslaught of data breaches and ransomware attacks continues, state governments are grappling with ways to bolster the impact and reach of breach notification laws. All fifty states, Puerto Rico, Guam, the Virgin...more
Companies and consumers alike are under perpetual assault from bad actors as IoT, work from home, and cloud migration – all intended to improve productivity – have expanded the cyber attack surface. The continually evolving...more
On October 1, 2021, two Acts overhauling data privacy and cybersecurity in Connecticut took effect—the latest instance of stronger state breach reporting requirements with a safe harbor protection from litigation for...more
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
For many manufacturers, data privacy and protection laws may seem like legal concerns that apply to other, more consumer-facing companies. While that may be largely true, given the ubiquitous nature of data, no business can...more
I’ve written quite a bit during the past year about cybersecurity, urging lawyers to take seriously their obligations to protect client confidential information and to be judicious when acquiring technology and services that...more
On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state....more
Connecticut has become the third state to enact a cybersecurity safe harbor statute. On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law...more
On May 31, 2021, the Texas Legislature approved House Bill 3746, which seeks to amend the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a breach of security of computerized...more
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more