Roy Stephen C. Canivel reports: The National Privacy Commission (NPC) wants companies and government agencies to submit a report on security incidents that have affected the personal data of their consumers, even if these incidents were unsuccessful. In a statement, the NPC said it is requiring “personal information controllers” (PICs) in both the public and…
Category: Breach Laws
FERC Issues Notice of Proposed Rulemaking Aimed at Expanding Data Breach Reporting Obligations
Hunton & Williams explains: On December 21, 2017, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) aimed at expanding mandatory reporting obligations in relation to cybersecurity incidents. In particular, FERC’s NOPR would direct the North American Electric Reliability Corporation (“NERC”) to develop modifications to certain Critical Infrastructure Protection (“CIP”) Reliability…
Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes: On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared. Under the law as amended, the definition of “personal information”…
Federal Court’s Embrace Of FTC Data-Breach Settlements As ‘Common Law’ Treads On Due Process
Cory L. Andrews of Washington Legal Foundation has an OpEd that begins: The Federal Trade Commission (FTC) has developed a well-known penchant for using individually negotiated settlement agreements and consent decrees to announce for the first time what qualifies as “unfair” or “deceptive” conduct under the FTC Act. In the data-privacy arena, FTC views these…
Ohio Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
William Berglund, Robert J. Hanna and Victoria L. Vance of Tucker Ellis write: Maintaining robust cybersecurity measures that meet government- and industry-recognized standards will provide businesses operating in Ohio with a legal defense to data breach lawsuits, if a bill recently introduced in the Ohio Senate becomes law. Ohio Senate Bill No. 220 (S.B. 220),…
National data breach notification law introduced by Senate Commerce Committee members
Patrick Howell O’Neill reports: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports…