The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of […]
Data Breach
Washington State Amends Data Breach Notification Law
On May 7, 2019, Washington amended its data breach notification law (HB 1071). The amendment shortens the period in which notice must be provided, expands the definition of personal information, adds further content requirements for notification letters, and changes the way in which notifications must be delivered in certain circumstances. Timing of Notice. The amendment […]
Federal Prosecutors Announce Indictment of Chinese Hackers Involved in 2015 Anthem Data Breach
On May 9, 2019, a federal grand jury unsealed an indictment of two members of a Chinese hacking group charged with a series of computer intrusions, including their involvement in the 2015 data breach at Anthem Inc., which affected the data of over 78 million people. In an announcement by the Justice Department’s Criminal Division, […]
Spring Legislative Update: Two New Laws and Two Amendments
Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
FTC Announces New Cybersecurity Requirements, Privacy Rule Update
In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]