In the absence of action by the U.S. Congress to pass a national data breach notification law, many states stepped into the breach to update their laws this year to add more specific notice guidelines, a requirement to notify the state’s attorney general or another state official, and to require entities that maintain personal information […]
US State Law
Oregon Updates and Expands Data Breach Statute
Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The bill updates […]
Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut […]
North Dakota Updates Data Breach Law
North Dakota recently amended its data breach notification law to clarify that the obligation to notify individuals of a breach applies to any entity that “owns or licenses” personal information of the residents of North Dakota. Previously, the obligation to report a breach only applied to those “that conduct[ ] business in the state.” In […]
Nevada Expands Definition of Personal Information In Data Security Statute
On May 13, Nevada Governor Brian Sandoval signed Assembly Bill 179, which expands the definition of personal information for purposes of Nevada’s data breach notification and data security law. Effective July 1, 2015, personal information will include an individual’s medical identification number or health insurance identification number and a user name, unique identifier or email […]