Washington State Significantly Expands Data Breach Notification Requirements

Washington State Governor Jay Inslee signed legislation making Washington among the five US states with the most rigorous data breach notification laws enacted to date. Washington joins Florida, Ohio, Vermont, and Wisconsin in imposing strict and specific obligations on any business that has suffered a data breach. The new law is effective July 24, 2015.

GUEST BLOG: Phishing Scam, BYOD and Other Cybersecurity Tips

Guest Blogger Peter S. Vogel is a trial partner at Gardere Wynne Sewell LLP where he is Chair of the eDiscovery Group and the Internet, eCommerce, & Technology Team, and before practicing law he worked as a systems programmer, received a Masters in Computer Science, and taught graduate courses in information systems.   In addition to… Read More

New Tools for Companies Against Cybercrime

On January 2015, the Obama administration announced a series of proposals to strength­en the country’s response to cyberattacks­ including, most notably, specific amendments to the federal computer crime statute, the Computer Fraud and Abuse Act (CFAA). These changes are not only significant to the cyber­ crime-fighting efforts of federal prosecutors, but also to private companies. This is because the CFAA allows compa­nies victimized by violations of the statute to bring civil actions against the perpetrators. 18 U.S.C. 1030(g). The CFAA, among other things, makes it a crime when an individual “accesses” a computer “without authorization or exceeds authorized access” to steal data.

Board Oversight of Cyberrisks: Directors and Officers Litigation

The duty of a board to monitor and oversee organizational risk includes cyberrisks. As cyberrisks and incidents proliferate, boards are seeking to enhance the information they receive about cyberrisks and incidents. One development boards should be aware of is the decision in the Palkon v. Holmes directors and officers (D&O) litigation (2014 U.S. Dist. LEXIS 148799 (D.N.J. Oct. 20, 2014)).

Proposed Federal Breach Notification Law: Panacea or Flash in the Pan?

The Obama Administration has just released the proposed text of the Personal Data Notification & Protection Act as the latest step in its uniform federal breach notification initiative. Similar legislative efforts in the past have been unsuccessful, but there remains interest in federal legislation that would eliminate the need to navigate the patchwork of 47 different state breach notification laws. This article will highlight how the proposed federal law compares to most state breach notification requirements, and how it may impact businesses as a practical matter.

To Catch an E-Thief — Under Federal Property Law

The fundamental shift for busi­nesses in the past 15 years from paper documents to computer data has forced the courts to decide whether intan­gible electronic data should enjoy the same legal protections as physical property.

Because of this shift, it is important to review the judicial response to the electronic-data issue in the context of a feder­al criminal statute, the National Stolen Property Act (NSPA), and common law conversion.

The NSPA makes it a felony for one who “transports, transmits, or transfers in interstate or foreign commerce any goods, wares, mer­chandise … of the value of $5,000 or more, knowing the same to have been stolen, converted or taken by fraud.” Conversion is the state civil cause of action for the theft of property.

California Privacy Laws Change: Identity Theft and Mitigation Services

Continuing the trend of changes in state breach notification and related laws, Cal. A.B. 1710 amends California’s breach notification, security procedures, and Social Security number (SSN) laws in the wake of significant data breaches, particularly in the retail sector. (See “Changes in State Breach Notification Laws.”)

Changes in State Breach Notification Laws

As data breaches continue to occur, breach notification laws are being amended or enacted. In the United States, state and federal breach notification laws should be monitored carefully regarding changes, as should breach notification laws in other countries (e.g., Canada).

As of July 15, 2014, 47 states (other than Alabama, New Mexico, and South Dakota) plus the District of Columbia, Guam, Puerto Rico, and Virgin Islands have breach notification laws. This article addresses changes in state breach notification laws.

SEC Playing  Bigger Role in Cybersecurity

Cybersecurity threats have reached a point where they cannot go ignored by any government agency,even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats,the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.

Post navigation