Caleb Skeath and Brooke Kahn of Covington & Burling provide a useful recap of changes in 2018 that will impact us in 2019: …. Following up on our global year-end review of major privacy and cybersecurity developments, we’ve summarized the major developments and trends observed with regards to state data breach notification laws over the past…
Category: Breach Laws
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
US Breach Laws Are Coming: Vermont
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom…
Federal data privacy bill introduced by 15 US senators
Laura Hautala reports: The US doesn’t have a single data privacy law that applies to all fifty states. On Wednesday, a group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act. The bill (PDF) would require companies that collect personal data from users to take reasonable steps to safeguard the information….
FTC Calls For Data Breach Law To ‘Clarify’ Its Authority
Ben Kochman reports: The Federal Trade Commission has called on Congress to “clarify” its authority to regulate data breaches, while responding to the White House’s request for advice on how the administration should handle consumer privacy. In comments posted last week to the U.S. Department of Commerce‘s National Telecommunications and Information Administration, the FTC said…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…