The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy […]
US State Law
South Carolina Insurance Data Security Law Now Effective
South Carolina’s prescriptive data security law for insurers took effect on January 1, 2019. Subject to specified exemptions, the law requires any person licensed pursuant to South Carolina insurance laws to take certain steps, including among other things notification of specified cybersecurity events to the South Carolina Department of Insurance. Covered persons are also required […]
An Update on the California Consumer Privacy Act and Its Private Right of Action
While it remains to be seen what the final text of the California Consumer Privacy Act (CCPA) looks like when it is ultimately implemented on January 1, 2020, at present it seems likely that businesses and employers can expect an influx of lawsuits from individual consumers proceeding under the CCPA’s private right of action. Under […]
Landmark New Privacy Law in California to Challenge Businesses Nationwide
Following our June 4 and July 2, 2018 blog posts tracking California’s November 2018 ballot measure turned hastily enacted new California privacy law titled The California Consumer Privacy Act of 2018 (CCPA), Alston & Bird’s Privacy & Data Security Group released a more detailed “first look” review of California’s sweeping new law. The advisory provides an overview of […]
Oregon and Arizona Amend Breach Notification Laws
Amended breach notification laws recently took effect in Oregon or will soon take effect in Arizona. In both cases, the amended laws heighten existing requirements and reflect broader trends in the breach notification landscape at the state level, including by expanding the scope of “personal information” that triggers notification and requiring notification within a specified […]