Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from filing a lawsuit following a data breach, it does provide an affirmative defense to companies defending themselves against such claims. […]
Board Governance & Cyber Risk Management
India’s Draft Data Protection Bill: Another GDPR Around The Corner?
India recently introduced the Personal Data Protection Bill 2018 (“Bill”). The transfer of personal data in India is currently governed by the SPD Rules (Sensitive Personal Data and Information, 2011), which is however considered outdated and not fully protective of personal data. The Bill comes as a result of the country’s Supreme Court recent judgment […]
California Legislature Amends CCPA
Last Friday, the California Senate and Assembly passed SB-1121, amending the California Consumer Privacy Act (“CCPA”) as enacted in June. We previously issued an advisory following the June enactment, and will host a webinar discussing the law (as now amended) on September 12. This blog post highlights some of the key amendments to the CCPA. […]
Brazil Transitions from Sectoral to Omnibus Privacy Regime
On August 14, Brazil adopted its new General Data Protection Law (LGPD) designed to replace and/or supplement its existing sectoral privacy framework. Brazil’s LGPD echoes many of the components of the GDPR and will likely serve as part of Brazil’s own push for a reciprocal adequacy finding from the European Commission similar to the one […]
South Carolina Enacts Insurance Data Security Act
South Carolina recently enacted a prescriptive data security law for insurers. The law bears resemblance to the New York Department of Financial Services (NYDFS) cybersecurity rules that entered into force last year. In short, the South Carolina law requires licensees (defined below) to develop and implement a comprehensive written information security program (a “WISP”) and […]