In the wake of recent, large-scale data breaches, one being the breach at the Office of Personnel Management (OPM) affecting millions of federal employees, a number of bills have been battling their way through Congress to address breach notification and data security requirements at the federal level. There has been an ongoing pattern for years
Connecticut Enacts SB 949 Requiring One Year of Free Identity Theft Protection Services For Certain Data Breaches
Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that for breaches of certain personal information covered business must provide one year of free identity-theft protection for affected persons. So, beginning October
Connecticut May Require Businesses to Offer One Year of Identity Theft Protection Services Following a Data Breach, Joining Other States in Strengthening Notification Laws
Following a string of states across the country that have strengthened their data breach notification laws in recent months, Connecticut is about to amend its law to require, among other things, that businesses provide one year of identity-theft protection for persons affected by the breach. Many businesses already extend such services to breach victims, but,
States Continue to Protect the Personal Social Media Accounts of Employees, with Oregon Likely to Add an Interesting Twist
Over the past few years, states around the country have enacted laws limiting an employer’s ability to access the personal social media accounts of applicants and employees. Earlier this year, Montana’s Governor Steve Bullock signed HB 342 into law. Before that, Virginia enacted a similar measure. On May 19, Connecticut’s Governor added
Will Your Cyber/Breach Insurance Be There When You Need It?
The answer to this question may depend on the actions that the insured takes when it applies for coverage and during the period the policy is in force. The demand for cyberinsurance that is intended to cover exposures from data breaches, among other things, has exploded in recent years, reports The Hill. This is
SEC’s Division of Investment Management Issues Cybersecurity Guidance
In Guidance Update No. 2015-02, the Division of Investment Management (Division) of the Securities and Exchange Commission (SEC) issued some high-level suggestions concerning the importance of cybersecurity for registered investment companies and registered investment advisers. The guidance outlines a number of measures these entities should consider for addressing cybersecurity risks. Of course, while some
EEOC Wellness Program Regulations Offer Best Practices for Medical Record Confidentiality
As reported on our Benefits Law Advisor, the EEOC has issued proposed wellness program regulations. Much of the attention to those proposed rules understandably will be how they would affect the incentives employers have implemented to spur their employees to engage in healthier behaviors. The proposed rules also address, however, the confidentiality provisions under
Next Step in U.S. Postal Service Breach – NLRB Sues Postal Service
As discussed in an earlier post, shortly after the United States Postal Service reported a data breach potentially affecting hundreds of thousands of employees, the American Postal Workers Union filed an unfair labor practice with the National Labor Relations Board alleging the Postal Service should have bargained with the union over the impact and
Email Autofill Error Exposes Personal Information of G20 World Leaders
With breaches caused by payment card thieves and hackers dominating the news, it is easy for mid-sized and small companies to think that data breaches are unfortunate events that affect only large companies. Not only is this sentiment misguided, but in relative terms the information contained in exposed emails can cause far more damage to
Checklists Not Enough When Developing a WISP, FTC Director Comments at IAPP Global Privacy Summit
This year’s IAPP Global Privacy Summit was very informative on a number of fronts, including the helpful insight provided by officials at the Federal Trade Commission (FTC) on a range of topics. A good summary of some of their comments can be found here, which includes concerns they expressed about the Consumer Privacy Bill