John G. Kerkorian, David M. Stauss, Gregory P. Szewczyk, and Kimberly A. Warshawsky of Ballard Spahr write: The Arizona State Legislature is considering proposed legislation that, if enacted, would significantly change the requirements for how Arizona entities respond to data breaches. Under Arizona’s existing breach notification law, entities that conduct business in the state and own or license computerized…
Category: Breach Laws
Big businesses band together in urging lawmakers to sell out your privacy
David Lazarus writes: Twenty-two industry groups, representing thousands of U.S. businesses, sent a letter to Congress the other day calling on lawmakers to pass sweeping data-security rules. At first glance, that seems like a really good thing for consumers. Upon closer inspection, however, the letter suggests these corporate heavyweights are aiming to sell out consumers…
House Passes Cyber Vulnerability Disclosure Reporting Act
Jennifer Martin and Calvin Cohen write: On January 9, the House of Representatives passed the Cyber Vulnerability Disclosure Reporting Act by voice vote. The Act directs the Secretary of the U.S. Department of Homeland Security (“DHS”) to prepare a report describing the policies and procedures that DHS developed to coordinate the cyber vulnerability disclosures. Under…
PH: NPC wants private, public sectors to submit data security incident reports
Roy Stephen C. Canivel reports: The National Privacy Commission (NPC) wants companies and government agencies to submit a report on security incidents that have affected the personal data of their consumers, even if these incidents were unsuccessful. In a statement, the NPC said it is requiring “personal information controllers” (PICs) in both the public and…
FERC Issues Notice of Proposed Rulemaking Aimed at Expanding Data Breach Reporting Obligations
Hunton & Williams explains: On December 21, 2017, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) aimed at expanding mandatory reporting obligations in relation to cybersecurity incidents. In particular, FERC’s NOPR would direct the North American Electric Reliability Corporation (“NERC”) to develop modifications to certain Critical Infrastructure Protection (“CIP”) Reliability…
Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes: On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared. Under the law as amended, the definition of “personal information”…