Laura Hautala reports: The US doesn’t have a single data privacy law that applies to all fifty states. On Wednesday, a group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act. The bill (PDF) would require companies that collect personal data from users to take reasonable steps to safeguard the information….
Category: Breach Laws
FTC Calls For Data Breach Law To ‘Clarify’ Its Authority
Ben Kochman reports: The Federal Trade Commission has called on Congress to “clarify” its authority to regulate data breaches, while responding to the White House’s request for advice on how the administration should handle consumer privacy. In comments posted last week to the U.S. Department of Commerce‘s National Telecommunications and Information Administration, the FTC said…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
Is Your e-PHI Secure? ONC and OCR Update HIPAA Security Risk Assessment Tool
Valerie K. Jackson of Jackson Lewis writes: October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and…
House Financial Services Committee passes R.6743
Aaron Lancaster of BakerHostetler has a great privacy rewind for the week that includes action in Congress. He writes: House Committee Passes Federal Data Breach Notification Bill for Financial Institutions The House Financial Services Committee passed R. 6743, the Consumer Information Notification Requirement Act, which would require financial institutions to notify affected customers of a data…
The Significance to Businesses of the California Legislature’s Last-Minute Revisions to the 2018 California Consumer Privacy Act
Akin Gump Strauss Hauer & Feld LLP write: The California Consumer Privacy Act (CCPA), the nation’s broadest privacy protection statute, was enacted by the California Legislature in June 2018 as part of a last-minute deal to stop a proposed statewide ballot measure that could have ushered in an even stricter privacy law. We have written about…