Patrick Howell O’Neill reports: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports…
Category: Breach Laws
SCOTUS Will Not Review CFAA Password Sharing Case
Jason C. Gavejian writes: The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to…
Maryland Data Breach Notification Law Updated: Effective 1/1/18
Linn Freedman reports: The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name…
WP29 guidelines on personal data breach notification under GDPR
Anita Anand of Allen & Overy writes: The Article 29 Working Party this week published draft Guidelines on personal data breach notificationunder GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further…
Government of Canada publishes proposed “Breach of Security Safeguards Regulations”
Kelly Friedman and Tamara Hunter of DLA Piper write: On September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force. The PIPEDA provisions will require an organization to…
Delaware Adds More Stringent Data Breach Notice Requirements
Leslie A. Pappas reports: Companies doing business in Delaware have until spring 2018 to meet more stringent data breach notification requirements under a new law signed Aug. 17. Companies will be required to tell state residents affected by a data breach within 60 days and notify the state attorney general if a breach affects more…