On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]
Data Security
New Hampshire Passes Insurance Data Security Law
New Hampshire recently passed its Insurance Data Security Law based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law will go into effect January 1, 2020. New Hampshire is one of several states, including Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina, that has passed an insurance data […]
The CCPA Could Reset Data Breach Litigation Risks
While much has been written about the California Consumer Privacy Act (“CCPA”), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy legislation in […]
Oregon Extends Data Breach Notification Obligations to Third Parties
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684 (SB 684). SB 684 amends the Oregon Consumer Identity Theft Protection Act (“OCITPA”) by extending data breach notification obligations to vendors and by broadening the definition of “personal information” to include information used to access an online account. SB684 extends breach […]
Illinois and Texas Amend Data Breach Notification Laws
On May 27, Illinois and Texas voted to amend their respective data breach notification laws. Illinois amendment SB 1624 requires notice to the state’s Attorney General for data breaches involving a certain threshold of individuals. Texas amendment HB 4390 also requires notice to the state’s Attorney General for data breaches above a threshold, changes the […]