2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
In addition to recently passing a cybersecurity safe harbor law, Connecticut also updated its data breach notification law. Connecticut joins Texas in passing changes to breach notification requirements this year. There are...more
Connecticut has become the third state to enact a cybersecurity safe harbor statute. On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
On February 21, 2019, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) announced Assembly Bill 1130 which intended to strengthen and expand California’s existing data breach...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”), making key changes to New York’s data breach notification and cybersecurity laws....more
Over the past six months, a significant number of states have amended their data breach notification statutes. Specifically, thirteen states have amended their statutes to: (1) require notice to the State Attorney General,...more
The much-anticipated amendment to North Carolina’s data breach notification law that we reported on earlier this year (see here) has finally been introduced to the state’s General Assembly. The bill entitled, an Act...more
It was looking like Washington state would be the first state to follow the California Consumer Privacy Act (CCPA), with a GDPR-like law of its own. That effort has stalled, perhaps temporarily. However, both Washington’s...more
Significant changes to the Massachusetts data breach notification law take effect on April 11, 2019. You can view the amendment here. If you haven’t looked at your written information security plan, or WISP, in a while, now’s...more
The Situation: In the wake of the Equifax data breach, Massachusetts has amended its data breach law. The Result: Companies reporting security breaches under the amended data breach law must provide additional information...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On January 10, 2019, Massachusetts Governor Charlie Baker signed into law the , which amends Massachusetts data breach reporting laws. The new law, available here, amends the timing and content of individual and regulator...more
Observers of the recent changes in the Massachusetts data breach notification law likely will focus on the addition of the obligation to provide 18 months of credit monitoring following a breach involving Social Security...more
On September 26, 2018, a record settlement was reached between Uber and the attorneys general of all 50 states and the District of Columbia over the company’s 2016 data breach. While this case presents an extreme example of...more
The changes keep coming! In 2018, state legislatures have been active in enacting and amending data breach notification laws. With Alabama’s recent enactment, all 50 states now have data breach notification laws....more
Personal information has become the prey of relentless poachers. In light of the influx of data breaches, state legislatures are taking action. Not surprisingly, now every state has enacted data breach notification laws,...more
California has become the first state to introduce privacy protection for individuals’ personal data comparable to that provided under the European Union’s General Data Protection Regulation (GDPR). The California Consumer...more
California has now enacted the strictest data privacy law in the nation. The Consumer Right to Privacy Act of 2018 ("California Privacy Act"), which is set to go into effect on January 1, 2020, seeks to give consumers more...more
Colorado’s Protections for Consumer Data Privacy law (“new law”) takes effect on September 1, 2018 and requires that businesses holding personal information for Colorado residents destroy the data they don’t need, protect the...more
As most people started to wind down for the July 4th holiday week, California was just ramping up its “as California goes” focus on data privacy. On June 28, 2018, California passed a comprehensive data privacy bill that has...more
Covered businesses will need to update policies and procedures for responding to customer inquiries about collection, use, sale and disclosure of customers’ personal information or face stiff enforcement actions. The...more
On June 28, 2018, the California Privacy Act of 2018 was signed into law by Governor Jerry Brown. The law was approved by the California legislature only hours before and was fast-tracked through the legislative process in...more
Amended breach notification laws recently took effect in Oregon or will soon take effect in Arizona. In both cases, the amended laws heighten existing requirements and reflect broader trends in the breach notification...more
Arizona Governor Doug Ducey recently signed HB 2154 and HB 2311 into law, both taking effect on July 21, 2018. HB 2154 provides employers with additional guidance and updated notice procedures in the event of a data security...more