On September 27, 2013, California Governor Brown signed into law S.B. 46, amending California’s data security breach notification law California Civil Code Section 1798.82. The new law builds upon existing requirements for prompt consumer notification whenever individuals have had their passwords, usernames or security question and answers compromised. It expands the definition of personal information […]
Board Governance & Cyber Risk Management
California S.B. 46 Expands Data Breach Notification Law to Include Breaches of User Names and Email Addresses for Online Accounts
California Governor Brown is preparing to sign into law a new data security breach notification bill (S.B. 46) that expands the coverage of California’s existing breach law to include breaches of individuals’ online user names and email addresses, when acquired in combination with passwords or a security question and answer that would permit access to […]
NIST Meeting to Finalize Cybersecurity Framework
Ongoing efforts to finalize a framework for the development of voluntary cybersecurity standards for critical infrastructure industries continued in Dallas this week. NIST led a workshop with government and private sector officials to work through the details of the draft framework published on August 28th and required under Executive Order 13636. A formal proposal will be issued for […]
New European Data Breach Rules for Telcos and ISPs
On August 25, 2013, a new European Regulation came into effect that changed and expanded upon the breach notification procedures set forth in the E-Privacy Directive (2002/58/EC). The Regulation outlines two independent notification obligations: (1) notification to the relevant national authority within 24 hours after detection of a personal breach where feasible; and (2) notification […]