Alston & Bird write: Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The…
Category: Breach Laws
CT Governor Malloy Expected To Sign Data-Breach Bill Requiring One Year Of Identity-Theft Protection
Matthew Sturdevant reports: In the wake of several major data breaches in recent years at The Home Depot, Target and Anthem, Connecticut’s legislature has passed a bill that would provide greater consumer protections. One of the key provisions is at least one-year of identity-theft protection for any customer that is a victim of a data…
Dutch upper house approves data breach reporting requirement
Telecompaper reports: The Dutch upper house of parliament has approved a legislative amendment on tightening requirements for reporting data breaches and increasing the privacy regulator CBP’s sanctions powers. The lower house approved the legislation in February. Under the changes, a data breach must be reported to the CBP if it impacts security and has a…
North Dakota amends data breach notification law
Christin McMeley and Bryan Thompson write: On April 13 North Dakota Governor Jack Dalrymple signed S. 2214 into law, which amended the state’s data breach statute in an attempt to expand the reach of the state’s notification requirements and the range of businesses subject to them. As the law is currently written, North Dakota’s data breach statute…
UK data watchdog: Massive fines won’t keep data safe
Jennifer Baker reports: The UK’s data protection watchdog has said issuing fines “left, right and centre” is not the way to ensure privacy. However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal. “The obligation laid on data protection authorities always to fine data controllers…
Nevada expands definition of PI for purposes of the state’s breach and safeguards laws
Morrison & Foerster LLP write: Nevada’s recently amended law will, among other things, create the first state mandate to encrypt online account credentials. Specifically, on May 13, 2015, Nevada Governor Sandoval approved a bill (“AB 179”) to expand the definition of “personal information” for purposes of the state’s security breach notification and personal information safeguards…