Medium, large, supersize... even fast food meals come in different sizes. After all, we want to be able to choose what is right for us and what meets our specific needs. Legal representation for cybersecurity incidents is no different. It should be customized to fit each client’s particular situation, addressing the nuances of the event and ensuring that the response is proportionate. There is no one size fits all approach to legal notification, especially where consumers or clients need to be informed.
Read more »Tag: consumer notification
-
Legal Notification – One Size Does Not Fit All Posted on: May 21, 2021 In: Data Privacy & Cybersecurity
-
Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses Posted on: March 17, 2020 In: Data Privacy & Cybersecurity
Effective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
Read more »
-
Legislative Alert: New York Amends Its Data Breach Notification Law Posted on: August 12, 2019 In: Data Privacy & Cybersecurity
New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, Senate Bill 5575B/Assembly Bill 5635B. The SHIELD Act updates the state’s existing data breach notification law, N.Y. Gen. Bus. Law § 899-aa, and creates a new section, § 899-bb, requiring reasonable data security for “private information” and granting enforcement powers to the attorney general against non-compliant entities.
Read more »
-
Legislative Alert: New Jersey Enacts Legislation to Expand Disclosure of Online Data Breaches Posted on: May 31, 2019 In: Data Privacy & Cybersecurity
On May 10, 2019, New Jersey enacted Senate Bill 52 (SB 52). This bill, which will take effect on September 1, 2019, will require disclosure of data breaches that impact usernames, email addresses, and/or other account holder identifying information belonging to residents of the Garden State when combined with any password or security questions and answers.
Read more »
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & Cybersecurity
Massachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
-
New Canadian Data Breach Notification Requirements Take Effect as PIPEDA Amendments Come Into Force Posted on: October 31, 2018 In: Data Privacy & Cybersecurity
On November 1, 2018, the long-awaited amendments to Canada’s main federal data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), take effect.
Read more »
-
Colorado Amends Data Breach Notification Statute Posted on: June 18, 2018 In: Data Privacy & Cybersecurity
On May 29, 2018, Colorado Governor John Hickenlooper signed House Bill (“HB”) 1128 into law, amending the State’s data breach notification statute and imposing significant new requirements on entities that must notify Colorado residents of a data incident pursuant to Colo. Rev. Stat. § 6-1-716.
Read more »
-
The United States of Data Breach Notification Posted on: April 10, 2018 In: Data Privacy & Cybersecurity
The absence of comprehensive federal legislation on data breach notification has led to the development of a patchwork of state laws to ensure that individuals receive timely notification of data breaches that might impact their personal data.
Read more »
-
Oregon Amends Data Breach Notification Law Posted on: April 09, 2018 In: Data Privacy & Cybersecurity
In March 2018, Oregon Governor Kate Brown signed into law new measures to strengthen the state’s existing data breach notification statute, ORS § 646A.604. The legislation is set to take effect in June 2018 and, among other things, will require organizations that experience a data breach affecting Oregon residents to notify affected individuals of the data breach within 45 days of its discovery, unless asked to delay notification by law enforcement.
Read more »
-
GDPR, Part II: Personal Data Breach Notification Requirements Posted on: November 01, 2017 In: Data Privacy & Cybersecurity
This seven-part series analyzes the ways in which the General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, will impact the regulatory landscape for entities doing business with, or transacting in the data of European Union citizens. The first part of the series provides an overview of the history of pre-GDPR European data protection law. Future installments will each address a discrete aspect of the GDPR itself.
Read more »
-
State of the (State) Data Breach Laws: 2017 Legislative Update, Part III Posted on: October 24, 2017 In: Data Privacy & Cybersecurity
With 2017 nearing its end, the legislative activity in most state capitals has wound down and the majority of legislatures have ended their 2017 sessions. In Part I and Part II of our series, we looked at how a number of states amended or enacted data breach notification-related legislation (Arkansas, Delaware, Maryland, New Mexico, and Tennessee).
Read more »
-
State of the (State) Data Breach Laws: 2017 Legislative Update, Part II Posted on: October 12, 2017 In: Data Privacy & Cybersecurity
As we noted in Part I of our series, state legislatures across the country continued to refine and reshape their respective data breach notification requirements during the 2017 legislative session. While a handful of states were successful in passing new data breach notification legislation, some of those states significantly revised just when, how, and under what circumstances an entity has to notify affected consumers of a data breach.
Read more »