Washington State Significantly Expands Data Breach Notification Requirements

Washington State Governor Jay Inslee signed legislation making Washington among the five US states with the most rigorous data breach notification laws enacted to date. Washington joins Florida, Ohio, Vermont, and Wisconsin in imposing strict and specific obligations on any business that has suffered a data breach. The new law is effective July 24, 2015.

Proposed Federal Breach Notification Law: Panacea or Flash in the Pan?

The Obama Administration has just released the proposed text of the Personal Data Notification & Protection Act as the latest step in its uniform federal breach notification initiative. Similar legislative efforts in the past have been unsuccessful, but there remains interest in federal legislation that would eliminate the need to navigate the patchwork of 47 different state breach notification laws. This article will highlight how the proposed federal law compares to most state breach notification requirements, and how it may impact businesses as a practical matter.

California Privacy Laws Change: Identity Theft and Mitigation Services

Continuing the trend of changes in state breach notification and related laws, Cal. A.B. 1710 amends California’s breach notification, security procedures, and Social Security number (SSN) laws in the wake of significant data breaches, particularly in the retail sector. (See “Changes in State Breach Notification Laws.”)

Changes in State Breach Notification Laws

As data breaches continue to occur, breach notification laws are being amended or enacted. In the United States, state and federal breach notification laws should be monitored carefully regarding changes, as should breach notification laws in other countries (e.g., Canada).

As of July 15, 2014, 47 states (other than Alabama, New Mexico, and South Dakota) plus the District of Columbia, Guam, Puerto Rico, and Virgin Islands have breach notification laws. This article addresses changes in state breach notification laws.

Message from New York Court: Rely on CGL Policy Coverage for Data Breaches at Your Own Peril

A New York trial court announced a decision on February 21, 2014, that may be a harbinger of wide-reaching limitations on insurance coverage for data breaches under commercial general liability (CGL) policies. The court’s ruling, while subject to appeal, demonstrates the hazards of relying on traditional CGL policies for coverage for data breaches. The lawsuit, Zurich… Read More

Hacking, Malware, and Social Engineering—Definitions of and Statistics about Cyber Threats Contributing to Breaches

This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc As breaches continue to occur and affected organizations determine whether and how to disclose these breaches, breaches and disclosure continue to be the subject of reports as well as media, legislative, and regulatory attention. See, for… Read More

Massachusetts Attorney General Enforcement Action: Data Breach, the Massachusetts Privacy Regulation and the Payment Card Industry Data Security Standard (PCI DSS)

Melissa J. Krasnow, Dorsey & Whitney LLP In March 2011, a Final Judgment by Consent was issued in Massachusetts v. Briar Group, LLC, which involves a 2009 Massachusetts data breach and implicates the Massachusetts privacy regulation and the Payment Card Industry Data Security Standard (“PCI DSS”).1 The Massachusetts privacy regulation applies to a person or… Read More

How Not to Investigate a Suspected Data Theft

There are few reported cases that reflect the problems that can result from computer investigations being inexpertly performed. U.S. v. Koo, 2011 WL 777965 (D. Or. March 1, 2011), decided this month by an Oregon federal district court, illustrates what can go wrong when a novice directs a computer investigation. The underlying facts of the… Read More

Facebook’s Lawsuit Protects Its Users Against a Massive Spamming Scheme

On January 26, 2011, the federal district court in the Northern District of California granted Facebook a default judgment against Philip Porembski and PP Web Services LLC for obtaining “login credentials for at least 116,000 Facebook accounts without authorization” and for sending “more than 7.2 million spam messages to Facebook users.” Facebook, Inc. v. Fisher,… Read More

Post navigation