On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]
Crisis & Data Breach Response
New Hampshire Passes Insurance Data Security Law
New Hampshire recently passed its Insurance Data Security Law based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law will go into effect January 1, 2020. New Hampshire is one of several states, including Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina, that has passed an insurance data […]
The CCPA Could Reset Data Breach Litigation Risks
While much has been written about the California Consumer Privacy Act (“CCPA”), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy legislation in […]
Oregon Extends Data Breach Notification Obligations to Third Parties
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684 (SB 684). SB 684 amends the Oregon Consumer Identity Theft Protection Act (“OCITPA”) by extending data breach notification obligations to vendors and by broadening the definition of “personal information” to include information used to access an online account. SB684 extends breach […]
Illinois and Texas Amend Data Breach Notification Laws
On May 27, Illinois and Texas voted to amend their respective data breach notification laws. Illinois amendment SB 1624 requires notice to the state’s Attorney General for data breaches involving a certain threshold of individuals. Texas amendment HB 4390 also requires notice to the state’s Attorney General for data breaches above a threshold, changes the […]