California and Massachusetts Legislatures Push Data Breach and Security Bills

Jason C. Gavejian writes:

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.

On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified of a data breach. The California bill also would require certain information be included in the notices.

[…]

On April 13, 2011, Massachusetts H.B. 3360 was referred for committee consideration. Under the bill, vendors of photocopiers in Massachusetts that fail to adequately notify purchasers of potential data security risks would be subject to a civil fine of up to $50,000 and could be sued by customers whose personal information is subsequently compromised.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
California Sets 30 Day Deadline for Data Breach Notifications
California’s New Delete Request Tool Impacts Data Brokers and Residents
Shad White’s office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements
California hospitals can escape fines if workers expose patient info
Cyber threat-sharing law set to shut down, along with US government

Related: