Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
Category: Breach Laws
California strengthens breach notification and mitigation requirements (update 1)
The wait is over. Governor Jerry Brown signed AB1710 into law yesterday. The law not only requires “reasonable security procedures and practices appropriate to the nature of the [personal] information” a business owns, licenses, or maintains, but it also requires identity theft protection and mitigation services under some conditions. If notification of a breach is required,…
AU: OAIC data breach guidelines emphasise importance of notification
David Braue writes: Notification of data breaches should be one of the four key steps organisations undertake in response to any detected breach, new guidelines from the Office of the Australian Information Commissioner (OAIC) recommend. The new guidelines – recently published in the OAIC’s Data Breach Notification Guide – are designed to help companies comply with the…
Data breach response bill headed to California governor’s desk
AP reports that the California state assembly has passed AB1710, and it now goes to the governor’s desk. But will he sign it? AB1710 requires businesses to provide free credit monitoring services for one year after Social Security and drivers’ license numbers are exposed. It also prohibits the sale of Social Security numbers except when…
The FTC’s Controversial Battle To Force Companies To Protect Your Data
Kashmir Hill writes: Hacker conference Defcon has a long tradition of playing “spot the fed,” a game that involves outing government types who attend under the radar to learn about the latest hacking tricks and those who are expert at developing them. There was little challenge in the game this August when it came to…
Delaware Adopts Law Requiring the Destruction of Consumers’ Personally Identifiable Information.
Steven Caponi and Elizabeth Sloan of Blank Rome LLP write: On July 1, 2014, Delaware Governor Jack Markell signed into law Delaware House Bill 295, which amends Section 6 of the Delaware Code relating to trade and commerce. The new law, 6 Delaware Code §§50C-101 thru 50C-401, places new obligations on commercial entities with respect…