V. John Ella writes: North Dakota has amended its data breach notification law to include “medical information” and “health insurance information.” See N.D. Century Code, Section 51-30-01. Amendments to the law also provide an exemption for HIPAA covered entities, business associates, or subcontractors so long as they are in compliance with breach notification requirements under title 45, Code…
Category: Breach Laws
New EU rules: Telco only SOMETIMES has to tell you it spaffed your data
The Register has an article from Out-Law.com that begins: New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU’s Regulation on the notification of personal data breaches (7-page/756KB PDF) applies…
Austria: Under pressure: data breach notification must be made within 24 hours
Günther Leissler and Veronika Wolfbauer explain: The European regulatory framework on electronic communications obliges providers of public electronic communications services to notify personal data breaches to their national authorities.(1) However, the European Commission recently found a lack of harmonisation among member states in this respect, and exercised its power to issue technical implementing measures on the…
Resource: State by state data breach notification laws
Perkins Coie has compiled an updated resource (141 pages) of state data breach notification laws:
Texas amends the effects of its data breach law on out-of-state residents
Joseph J. Lazzarotti of Jackson Lewis LLP writes: On June 14, 2013, Texas Governor Rick Perry signed S.B. 1610 amending Texas’ data breach notification law to remove language limiting the application of the data breach notification requirement to Texas residents and residents of states that do not require notification, permit, for residents of states other than Texas that require notification of a breach, notice to be…
Vermont and North Dakota Amend Breach Notice Laws
Michael Young writes: On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new…