On June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. The final installment of this three-part series will cover trends and planning.
Read more »Data Privacy & Cybersecurity
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 3 of 3: Trends and Planning – What it All Means Posted on: June 07, 2019 In: Data Privacy & Cybersecurity
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 2 of 3: General Observations on Pending Amendments to the CCPA Posted on: June 05, 2019 In: Data Privacy & Cybersecurity
On June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (“CCPA”) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. Part 2 of this three-part series will look at pending amendments to the CCPA.
Read more »
-
CCPA’s Final Requirements in Flux, with Six Months to Go to Comply - Part 1 of 3: Where Does the Law Stand Now? Posted on: June 03, 2019 In: Data Privacy & Cybersecurity
On June 28, 2018, the state of California enacted and then-Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a robust piece of legislation that substantially expanded the privacy rights of California residents regarding the collection, use, sale, and disclosure of their personal information by certain for-profit businesses that operate or do business in California. Part 1 of this three-part series will examine the current state of the law.
Read more »
-
Legislative Alert: New Jersey Enacts Legislation to Expand Disclosure of Online Data Breaches Posted on: May 31, 2019 In: Data Privacy & Cybersecurity
On May 10, 2019, New Jersey enacted Senate Bill 52 (SB 52). This bill, which will take effect on September 1, 2019, will require disclosure of data breaches that impact usernames, email addresses, and/or other account holder identifying information belonging to residents of the Garden State when combined with any password or security questions and answers.
Read more »
-
Legislative Alert: Maryland Amends Data Breach Notification Law to Improve Incident Response Posted on: May 16, 2019 In: Data Privacy & Cybersecurity
On April 30, 2019, Maryland enacted an amendment to Maryland’s Personal Information Protection Act (Md. Code Ann. § 14-3504), which becomes effective on October 1, 2019. The amendment was introduced in response to a rise in consumer complaints about identity theft.
Read more »
-
Legislative Alert: Alabama Passes Heightened Cybersecurity Standards for the Insurance Industry Posted on: May 13, 2019 In: Data Privacy & Cybersecurity
On May 1, 2019, Governor Kay Ivey signed Alabama S.B. 54 into law, making Alabama the latest state to pass a law mandating heightened standards within the insurance industry for cybersecurity and data privacy. The Insurance Information Security Program Requirement applies specifically to insurers and other entities licensed by the Alabama Department of Insurance.
Read more »
-
Legislative Alert: Updates to Washington Breach Notification Statute Expected Posted on: May 07, 2019 In: Data Privacy & Cybersecurity
Washington State will soon pass a law that will overhaul its data breach notification requirements, beginning in March 2020. House Bill 1071, which passed both of Washington’s legislative chambers, was presented to Governor Jay Inslee in late April, and the governor is widely expected to sign the bill into law. The bill includes four significant changes to Washington’s existing data breach notification requirements.
Read more »
-
The Threat Sitting Next To You: Defending Cyber Insider Attacks Posted on: May 03, 2019 In: Data Privacy & Cybersecurity
Each year, companies wisely invest in advanced perimeter security devices and software to secure their electronic data and thwart cyber attacks. Unfortunately, despite that well-reasoned approach, the greatest threat to data security may be someone within the organization’s own walls.
Read more »
-
Legislative Alert: Arkansas Amends Personal Information Protection Act Posted on: April 29, 2019 In: Data Privacy & Cybersecurity
On April 15, 2019, Arkansas Governor Asa Hutchinson signed House Bill 1943 into law (now referred to as Act 1030), amending the Personal Information Protection Act, Arkansas Code § 4-110-101 et seq. Act 1030 expands the definition of “personal information” as used in the Personal Information Protection Act and also introduces key new requirements that relate to data breach notification.
Read more »
-
Digital Forensic Experts are a Resource for IT Professionals Posted on: April 23, 2019 In: Data Privacy & Cybersecurity
One of the best qualities an information technology (IT) professional can possess is the tenacity to fully troubleshoot and resolve system issues as they occur. Unfortunately, that same drive and sense of urgency to gather relevant facts and to restore inoperable systems as quickly as possible can create issues for the necessary digital forensic investigations following a data security incident.
Read more »
-
Utah Requires Warrant for Law Enforcement Access to Certain Types of Data Posted on: April 12, 2019 In: Data Privacy & Cybersecurity
On March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties. Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant.
Read more »
-
Virginia & Utah Amend Data Breach Statutes Posted on: April 09, 2019 In: Data Privacy & Cybersecurity
On March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated.
Read more »