EU-US Data Transfer Privacy Shield: Political Agreement Achieved Regarding “Safe Harbor 2.0”

By:  Barry Glazer, Ron Moscona and Chris Koa Significant uncertainty and concern regarding US companies’ ability to process and use personal data received from the EU has loomed since the October  2015 decision by Europe’s highest court invalidating the EU-US Safe Harbor.  US and EU regulators earlier this week  announced conceptual agreement regarding a new… Read More

Cross-Atlantic data flows following Schrems

By:  Ron Moscona, Partner Dorsey & Whitney On 6 November 2015, The EU Commission published a communication addressed to the European Parliament and the EU Council, in an attempt to reduce current legal uncertainties surrounding the transfer of personal data from European Union countries to the U.S. The communication follows on the decision of the… Read More

Time Is Precious with Computer-Hacking Claims

A recent ruling shows that plaintiffs must act fast when using a federal criminal statute for a civil suit.

The U.S. Court of Appeals for the Second Circuit in August addressed the proper application of the statute of limitations to a civil action—in the context of allegations of malicious statements made on the Internet over a broken romance and sexual misconduct—brought under the federal computer crime statute, the Computer Fraud and Abuse Act (CFAA). The case was Sewell v. Bernardin.

The ‘Safe Harbor’ Scheme Coming Under Challenge

By: Ron Moscona, a partner in Dorsey & Whitney’s London Office The Court of Justice of the European Union (“CJEU”) held yesterday, in its decision in Schrems v. Data Protection Commissioner[1], that the decision of the European Commission of July 2000 which provides the legal basis under EU law for the “Safe Harbor” scheme is… Read More

Guidance for Incident Response Plans  

Author: Melissa Krasnow Organizations are preparing for data incidents and breaches by developing, updating, implementing, and testing incident response plans. This article provides a checklist of key components of an incident response plan. Following are items from state and federal sources of guidance: “Best Practices for Victim Response and Reporting of Cyber Incidents”(April 2015) issued… Read More

Washington State Significantly Expands Data Breach Notification Requirements

Washington State Governor Jay Inslee signed legislation making Washington among the five US states with the most rigorous data breach notification laws enacted to date. Washington joins Florida, Ohio, Vermont, and Wisconsin in imposing strict and specific obligations on any business that has suffered a data breach. The new law is effective July 24, 2015.

Board Oversight of Cyberrisks: Directors and Officers Litigation

The duty of a board to monitor and oversee organizational risk includes cyberrisks. As cyberrisks and incidents proliferate, boards are seeking to enhance the information they receive about cyberrisks and incidents. One development boards should be aware of is the decision in the Palkon v. Holmes directors and officers (D&O) litigation (2014 U.S. Dist. LEXIS 148799 (D.N.J. Oct. 20, 2014)).

Proposed Federal Breach Notification Law: Panacea or Flash in the Pan?

The Obama Administration has just released the proposed text of the Personal Data Notification & Protection Act as the latest step in its uniform federal breach notification initiative. Similar legislative efforts in the past have been unsuccessful, but there remains interest in federal legislation that would eliminate the need to navigate the patchwork of 47 different state breach notification laws. This article will highlight how the proposed federal law compares to most state breach notification requirements, and how it may impact businesses as a practical matter.

California Privacy Laws Change: Identity Theft and Mitigation Services

Continuing the trend of changes in state breach notification and related laws, Cal. A.B. 1710 amends California’s breach notification, security procedures, and Social Security number (SSN) laws in the wake of significant data breaches, particularly in the retail sector. (See “Changes in State Breach Notification Laws.”)

Changes in State Breach Notification Laws

As data breaches continue to occur, breach notification laws are being amended or enacted. In the United States, state and federal breach notification laws should be monitored carefully regarding changes, as should breach notification laws in other countries (e.g., Canada).

As of July 15, 2014, 47 states (other than Alabama, New Mexico, and South Dakota) plus the District of Columbia, Guam, Puerto Rico, and Virgin Islands have breach notification laws. This article addresses changes in state breach notification laws.

Post navigation