2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework - Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...more
In April, Kentucky (HB 474) and Maryland (SB 207) adopted insurance data security legislation based on the National Association of Insurance Commissioners (NAIC) model law. A total of 15 states have adopted the NAIC Model...more
In addition to recently passing a cybersecurity safe harbor law, Connecticut also updated its data breach notification law. Connecticut joins Texas in passing changes to breach notification requirements this year. There are...more
Connecticut has become the third state to enact a cybersecurity safe harbor statute. On June 16 and July 6, 2021, Connecticut Governor Ned Lamont signed two new cybersecurity laws that continue the national trend of...more
In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons...more
States continue to enhance and expand their breach notification requirements, increasing the scope of breaches that require notice as well as the complexity of compliance. Four jurisdictions—Vermont, the District of Columbia,...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
New data retention limitations and disposal requirements on some types of businesses in New York will go into effect on March 21, 2020, under the Stop Hacks and Improve Electronic Data Security (SHIELD Act) that was signed...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
New York has joined California, Massachusetts, and Colorado in adopting a law that requires businesses that collect private information on residents to implement reasonable cybersecurity safeguards to protect that...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amending New York's data breach notification law. This adds to the growing list of states...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The SHIELD Act modifies the current Breach Notification Law to expand the types of data...more
Louisiana Governor John Bel Edwards, for the first time in history, declared a statewide cybersecurity emergency last week, following cyber-attacks against several school systems in the state. ...more
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
New York Governor Andrew M. Cuomo signed a bill into law last week that expands New York’s data breach notification law. The Stop Hacks and Improve Electronic Data Security (SHIELD) Act brings the New York data breach...more
On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”), making key changes to New York’s data breach notification and cybersecurity laws....more
Connecticut Governor Ned Lamont recently signed into law Public Act No. 19-117 (PA 19-117), which contains provisions affecting health care providers, including revisions to the hospital provider tax, a prohibition on...more
Over the past six months, a significant number of states have amended their data breach notification statutes. Specifically, thirteen states have amended their statutes to: (1) require notice to the State Attorney General,...more
On May 29, 2019, Nevada Governor Steve Sisolak signed into law Senate Bill 220 (SB 220), which allows a Nevada consumer to “opt-out” of the sale of his or her personal information to a third party. ...more
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table - The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more