Heads up to entities doing business in California: your breach notification obligations are changing. Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been…
Category: Breach Laws
Harrods warns customers their personal data could have been stolen by hackers in new cyber-attack
Aidan Radnedge reports: Harrods has warned some customers that their personal data could have been taken in an IT systems breach – in the latest cyber-attack to hit a major UK firm. The luxury department store based in London’s Knightsbridge said information, such as names and contact details, of its e-commerce customers was taken after…
SEC to Notify Crypto Businesses of Technical Violations Before Taking Action: Report
Wayne Jones reports: A report by the Financial Times revealed that the Securities and Exchange Commission (SEC) plans to issue crypto firms notices of technical violations before taking action. The move is a shift away from the aggressive enforcement approach that was pursued under former President Joe Biden. Trump-appointed SEC Chair Paul Atkins told the Financial Times…
China slaps 1-hour deadline on reporting serious cyber incidents
Paul Kunert reports: Beijing will soon expect Chinese network operators to ‘fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet. From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of rules that tighten…
English Court of Appeal Rules on Compensation for Data Breaches
There’s an update to Farley v Equiniti. Ann Bevitt and Morgan McCormack of Cooley write: The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti) [1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the…
3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies
Riley Brennan reports: The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets. On Tuesday, the federal appellate court affirmed the U.S. District Court…