Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which…
Category: Breach Laws
Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing
James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws. Chairman Roger Wicker…
NJ Measure to Expand Disclosure of Online Breaches Heads to Governor
Suzette Parmley reports that New Jersey is on the verge of expanding its breach notification law as a bill is headed to the Governor’s desk for signature. A-3245/S-52 would amend the law to include among the information triggering a notification requirement: usernames, email addresses, and any passwords or security questions and answers that would permit access…
California to close data breach notification loopholes under new law
Zack Whittaker reports: California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better. The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify…
Turkish Data Protection Authority Announces The Procedure To Be Taken By Companies In Cases Of Data Breaches
Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write: Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller. Article 12/1 of the Turkish Data Protection Law states the data controller shall take…
California Consumer Privacy Act: The Challenge Ahead – The CCPA’s “Reasonable” Security Requirement
Bret Cohen, Paul Otto, Nathan Salminen, and Morgan Perna (law clerk) of Hogan Lovells write: ….This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk. Available statutory penalties The CCPA allows consumers to sue businesses…