The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law. It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill … Continue Reading
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state. The settlement also requires the online retailer to strengthen … Continue Reading
The Massachusetts Office of the Attorney General has created a new Data Privacy and Security Division. This Division is charged with protecting consumers from the threats to the privacy and security of their data. The Attorney General, Maura Healey, announced “The Data Privacy and Security Division will build on our office’s commitment to empowering Massachusetts … Continue Reading
As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislature. We recently reported that Washington D.C. updated its data breach notification law. Now, the Vermont legislature also amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, … Continue Reading
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, updates to notification requirements and new credit monitoring obligations. … Continue Reading
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017, Maryland amended its Personal Information Protection Act (PIPA) with expansion of the definition of personal information, modification of the definition of “breach of the security of the system,” establishing a 45-day … Continue Reading
On February 21, 2019, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) announced Assembly Bill 1130 which intended to strengthen and expand California’s existing data breach notification law. On September 11, 2019, the bill passed both houses of the legislature and was presented to Governor Gavin Newsom. Last Friday, October 11, 2019, … Continue Reading
In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an amendment to the Personal Information Protection Act (PIPA), SB 1624, effective January 1, 2020. PIPA will now require that most “data collectors,” which includes … Continue Reading
On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which amends the State’s current data breach notification law, imposes more expansive data security and data breach notification requirements on companies, in … Continue Reading
Per our earlier blog post, Texas was ambitious this legislative session when it proposed two consumer data privacy bills. Both bills made it through committee hearings, but only one made it to the governor’s desk for signature: HB 4390. However, even it arrived there very different than originally drafted. HB 4390, dubbed the Texas Privacy … Continue Reading
As we noted last month, Washington’s efforts to follow California’s lead in passing its own GDPR-like law have stalled after the bill failed to make its way through the state’s House of Representatives—despite overwhelming approval in the Senate (where it passed 46-1). That bill’s sponsor has promised to revisit the issue during the 2020 legislative … Continue Reading
On May 10, Governor Phil Murphy signed into law P.L.2019, c.95. an amendment enhancing New Jersey’s data breach notification law by expanding the definition of personal information, and updating notification requirements. As we previously reported, the amendment was unanimously approved by the New Jersey General Assembly and Senate in late February. New Jersey’s data breach notification law … Continue Reading
The much-anticipated amendment to North Carolina’s data breach notification law that we reported on earlier this year (see here) has finally been introduced to the state’s General Assembly. The bill entitled, an Act Amending the Identity Theft Protection Act, House Bill DRH40393-LR10C, is primarily sponsored by State Representatives Jason Saine (R), Brenden H. Jones (R), … Continue Reading
Since the start of 2019, New Jersey has shown it is on the forefront of consumer privacy and security law. Last week we reported on Assembly Bill 3245 (AB 3245) that would enhance the state’s data breach notification requirements. In short, if signed, AB 3245, would require businesses to notify consumers of online account security … Continue Reading
In light of several large-scale breaches of late, the New Jersey General Assembly is taking steps to enhance the state’s data breach notification requirements. In late February, Assembly Bill 3245 (AB 3245), introduced by Assembly Members Ralph Caputo and Carol Murphy, was unanimously approved by both the Assembly and the Senate, and is now headed … Continue Reading
Recently, Business Roundtable, an association for over 200 CEOs of America’s largest companies, released a detailed framework for a national consumer data privacy law that would provide uniformity in an area currently governed by an amalgam of state statutes and regulations. Business Roundtable is hopeful that it has the ear of the Administration and the … Continue Reading
For the second consecutive year Virginia has amended its data breach notification law. In March 2017, in light of a warning issued by the IRS to all employers regarding the resurgence of a W-2 based cyber scam, Virginia Governor Terry McAuliffe approved, a first of its kind, amendment to Virginia’s data breach notification statute. The amendment … Continue Reading
Last month, South Dakota and Alabama became the final two states to enact a data breach notification law. In addition, many other states, in response to trends, heightened public awareness, and a string of large-scale data breaches, have continued amending their existing laws. Arizona is the latest state to update its data breach notification law to … Continue Reading
On March 28th, Alabama Governor Kay Ivey (R) signed into law the Alabama Data Breach Notification Act, Act No. 2018-396, making Alabama the final state to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed into a law a similar statute one-week prior. The Alabama law will take effect June 1, 2018. Being … Continue Reading
It’s official! Alabama is the only remaining state lacking a data breach notification statute. On March 21, 2018 South Dakota Attorney General Marty Jackley announced that Governor Dennis Daugaard signed into law the state’s first data breach notification law, after unanimous approval by both chambers of the state legislature a couple weeks prior. The law … Continue Reading
There are only two states in the U.S. that have yet to enact data breach notification laws, but that may change in 2018. Several weeks ago, the South Dakota state legislature announced that a data breach notification bill (Senate Bill No. 62) was pending. Now, Alabama is following suit. On March 1st, the Alabama Senate … Continue Reading
Only two states in the United States lack data breach notification statutes, but that may change in 2018. If legislation pending in South Dakota passes, Alabama would be the only state without a data breach notification law. South Dakota Senate Bill No. 62 would create a breach notification requirement for any person or business conducting … Continue Reading
Primarily motivated by several recent massive data breaches, Senate Democrats recently introduced a bill geared toward protecting Americans’ personal information against cyber attacks and to ensure timely notification and protection when data is breached. The Consumer Privacy Protection Act of 2017 provides that companies that collect and hold data on at least 10,000 Americans would … Continue Reading
