On October 6, California Governor Jerry Brown signed into law two different updates to California’s data breach notification statute. Both updates will become effective on January 1, 2016. The first update, AB 964, defines “encrypted” for purpose of the statute to mean ”rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology […]
Legislation
Third Circuit Affirms FTC’s Authority to Regulate Data Security
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Illinois Governor Vetoes Data Protection Bill; Suggests Revisions
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act […]
Amended Washington Data Breach Law Requires Attorney General Notification, Imposes 45-Day Notice Time Limit
Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
Rhode Island Updates Identity Theft Protection Act; Requires Notice Within 45 Days of Data Breach
In the absence of action by the U.S. Congress to pass a national data breach notification law, many states stepped into the breach to update their laws this year to add more specific notice guidelines, a requirement to notify the state’s attorney general or another state official, and to require entities that maintain personal information […]