On March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties. Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant.
Read more »Tag: legislative alert
-
Utah Requires Warrant for Law Enforcement Access to Certain Types of Data Posted on: April 12, 2019 In: Data Privacy & Cybersecurity
-
Virginia & Utah Amend Data Breach Statutes Posted on: April 09, 2019 In: Data Privacy & Cybersecurity
On March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated.
Read more »
-
Illinois Expands the Definition of “Injury” Under the Biometric Information Privacy Act Posted on: March 01, 2019 In: Data Privacy & Cybersecurity
A recent decision issued by the Supreme Court of Illinois seems to stand for the proposition that the risk of harm to an individual stemming from a violation of the Illinois Biometric Privacy Act is so great that an impacted individual need not establish actual harm or injury to bring a claim. Rather, according to the Supreme Court of Illinois, exposure to the risk of actual harm or injury, standing alone, is sufficient.
Read more »
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & Cybersecurity
Massachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
-
Colorado Amends Data Breach Notification Statute Posted on: June 18, 2018 In: Data Privacy & Cybersecurity
On May 29, 2018, Colorado Governor John Hickenlooper signed House Bill (“HB”) 1128 into law, amending the State’s data breach notification statute and imposing significant new requirements on entities that must notify Colorado residents of a data incident pursuant to Colo. Rev. Stat. § 6-1-716.
Read more »
-
Oregon Amends Data Breach Notification Law Posted on: April 09, 2018 In: Data Privacy & Cybersecurity
In March 2018, Oregon Governor Kate Brown signed into law new measures to strengthen the state’s existing data breach notification statute, ORS § 646A.604. The legislation is set to take effect in June 2018 and, among other things, will require organizations that experience a data breach affecting Oregon residents to notify affected individuals of the data breach within 45 days of its discovery, unless asked to delay notification by law enforcement.
Read more »