Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of Jackson Lewis write that changes to Louisiana’s data breach notification law (Act 382) go into effect on August 1 of this year. Those changes include expansion of the definition of personal information, requirements that notification be made no later than 60 days from discovery of…
Category: Breach Laws
Big Data Breaches Shine Spotlight on Laws Impacting Employee Data Protection
John Litchfield of Foley & Lardner reminds employers that there are new laws coming into effect that impact employers’ collection and protection of employee data. The following laws, he notes, come online this year: Alabama (effective June 1, 2018) Delaware (effective April 14, 2018) Oregon (effective June 2, 2018) South Dakota (effective July 1, 2018)…
WHEN do you have to notify by? State laws vary.
MintzLevin has updated its state data breach law matrix, as I noted previously on the page where I link to such resources. Here’s an excerpt from their matrix: Breach Notification Timeline Time After Discovery of Breach Action Required 10 Calendar Days Puerto Rico Department of Consumer Affairs 14 Business Days Vermont AG preliminary…
Ottawa’s new privacy rules give businesses flexibility on data breach reporting
The Canadian Press reports: Federal data breach regulations set to take effect Nov. 1 will require mandatory reporting of security breaches that pose a “real risk of significant harm,” but give businesses flexibility about how that’s done. Ottawa has rolled out the long-awaited requirements in a notice in the Canada Gazette that indicates the government…
Massachusetts Enacts Law Providing Greater Privacy of Health Insurance Information
Michael Bertoncini writes: Health insurance carriers often provide explanation of benefits (EOB) summaries to the policyholder specifying the type and cost of health care services received by dependents covered by the policy. EOBs often disclose sensitive information regarding the mental or physical health condition of adult dependents. Massachusetts has now enacted a law, an act…
Oregon Amends Data Breach Notification and Information Security Laws
David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor. A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…