2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework - Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...more
On July 15, 2021, Wisconsin Governor Tony Evers signed Act 73 (Act) into law, making Wisconsin the latest state to adopt the National Association of Insurance Commissioner's (NAIC) model cybersecurity law. Most recently, Iowa...more
Connecticut has become the third state to enact a cybersecurity safe harbor statute. On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
New York has joined California, Massachusetts, and Colorado in adopting a law that requires businesses that collect private information on residents to implement reasonable cybersecurity safeguards to protect that...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The SHIELD Act modifies the current Breach Notification Law to expand the types of data...more
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
New law in New York State extends requirements on companies doing business with New York residents to have cybersecurity programs and expands New York’s breach notification requirements. New law extends the reach of New...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”), making key changes to New York’s data breach notification and cybersecurity laws....more
Over the past six months, a significant number of states have amended their data breach notification statutes. Specifically, thirteen states have amended their statutes to: (1) require notice to the State Attorney General,...more
A few weeks ago, Texas signed into law an amendment to its data breach law, capping off a busy first half of 2019 for state lawmakers in this arena. As we gear up for the second half of 2019, we thought a recap was...more
Beginning on March 1, 2020, Washington State’s data breach notification law will change in a number of important ways. First, the definition of “Personal Information” will expand significantly. This means more data elements...more
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table - The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more
On May 29, 2018 Governor Hickenlooper signed HB—1128 into law. Importantly, the Bill amends the State’s data breach notification law to require that affected Colorado residents be notified within 30 days of a data breach, and...more
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
On May 29, 2018, Colorado passed House Bill 18-1128, which requires "covered entities" to comply with new rules regarding the security and disposal of "personal identifying information" (PII). The new law also provides an...more
Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information...more
With South Dakota and Alabama’s new statutes, all 50 states and the District of Columbia have now enacted data breach notification laws. The Oregon and Delaware amended statutes will enhance requirements, and Canada’s new law...more
The Arizona Legislature has significantly expanded and strengthened the state's data breach notification law. The legislation was signed by Arizona Governor Doug Ducey on April 11, 2018....more