On October 11, 2019, California Governor Gavin Newsom signed into law Assembly Bill 1130, which amends The Information Practices Act of 1977, as well as California Civil Code §§ 1798.29, 1798.81.5 and 1798.82. The bill expands the definition of “personal information” under the California data breach notification statutes applicable to businesses and to government agencies.
Read more »Tag: legislative alert
-
Legislative Alert: California Expands Definition of Personal Information Posted on: November 01, 2019 In: Data Privacy & Cybersecurity
-
Illinois Amends Student Online Personal Protection Act, Adding Data Breach Notification Provisions Posted on: September 17, 2019 In: Data Privacy & Cybersecurity
On August 23, 2019, Illinois Governor J.B. Pritzker signed into law the Student Online Personal Protection Act of 2019 (SOPPA). Amending the previous version of SOPPA, this ambitious legislation gives parents greater control over student data, imposes new breach notification requirements, and regulates the collection and use of student data.
Read more »
-
Legislative Alert: New York Expands Data Breach Obligations for Credit Reporting Agencies Posted on: August 15, 2019 In: Data Privacy & Cybersecurity
New York Governor Andrew Cuomo has signed into law Senate Bill S3582, which further expands obligations owed to consumers when a data security breach affects a credit reporting agency.
Read more »
-
Legislative Alert: New York Amends Its Data Breach Notification Law Posted on: August 12, 2019 In: Data Privacy & Cybersecurity
New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, Senate Bill 5575B/Assembly Bill 5635B. The SHIELD Act updates the state’s existing data breach notification law, N.Y. Gen. Bus. Law § 899-aa, and creates a new section, § 899-bb, requiring reasonable data security for “private information” and granting enforcement powers to the attorney general against non-compliant entities.
Read more »
-
Legislative Alert: New Jersey Enacts Legislation to Expand Disclosure of Online Data Breaches Posted on: May 31, 2019 In: Data Privacy & Cybersecurity
On May 10, 2019, New Jersey enacted Senate Bill 52 (SB 52). This bill, which will take effect on September 1, 2019, will require disclosure of data breaches that impact usernames, email addresses, and/or other account holder identifying information belonging to residents of the Garden State when combined with any password or security questions and answers.
Read more »
-
Legislative Alert: Maryland Amends Data Breach Notification Law to Improve Incident Response Posted on: May 16, 2019 In: Data Privacy & Cybersecurity
On April 30, 2019, Maryland enacted an amendment to Maryland’s Personal Information Protection Act (Md. Code Ann. § 14-3504), which becomes effective on October 1, 2019. The amendment was introduced in response to a rise in consumer complaints about identity theft.
Read more »
-
Legislative Alert: Alabama Passes Heightened Cybersecurity Standards for the Insurance Industry Posted on: May 13, 2019 In: Data Privacy & Cybersecurity
On May 1, 2019, Governor Kay Ivey signed Alabama S.B. 54 into law, making Alabama the latest state to pass a law mandating heightened standards within the insurance industry for cybersecurity and data privacy. The Insurance Information Security Program Requirement applies specifically to insurers and other entities licensed by the Alabama Department of Insurance.
Read more »
-
Legislative Alert: Updates to Washington Breach Notification Statute Expected Posted on: May 07, 2019 In: Data Privacy & Cybersecurity
Washington State will soon pass a law that will overhaul its data breach notification requirements, beginning in March 2020. House Bill 1071, which passed both of Washington’s legislative chambers, was presented to Governor Jay Inslee in late April, and the governor is widely expected to sign the bill into law. The bill includes four significant changes to Washington’s existing data breach notification requirements.
Read more »
-
Legislative Alert: Arkansas Amends Personal Information Protection Act Posted on: April 29, 2019 In: Data Privacy & Cybersecurity
On April 15, 2019, Arkansas Governor Asa Hutchinson signed House Bill 1943 into law (now referred to as Act 1030), amending the Personal Information Protection Act, Arkansas Code § 4-110-101 et seq. Act 1030 expands the definition of “personal information” as used in the Personal Information Protection Act and also introduces key new requirements that relate to data breach notification.
Read more »
-
Utah Requires Warrant for Law Enforcement Access to Certain Types of Data Posted on: April 12, 2019 In: Data Privacy & Cybersecurity
On March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties. Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant.
Read more »
-
Virginia & Utah Amend Data Breach Statutes Posted on: April 09, 2019 In: Data Privacy & Cybersecurity
On March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated.
Read more »
-
Illinois Expands the Definition of “Injury” Under the Biometric Information Privacy Act Posted on: March 01, 2019 In: Data Privacy & Cybersecurity
A recent decision issued by the Supreme Court of Illinois seems to stand for the proposition that the risk of harm to an individual stemming from a violation of the Illinois Biometric Privacy Act is so great that an impacted individual need not establish actual harm or injury to bring a claim. Rather, according to the Supreme Court of Illinois, exposure to the risk of actual harm or injury, standing alone, is sufficient.
Read more »