Rebecca Herold of IT Compliance has a commentary on Nevada’s new encryption law and whether the state’s data breach law makes the encryption law moot. It begins: On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010. In many ways the new law is an…
Category: Breach Laws
New Breach Laws in Alaska and SC
On July 1, 2009, new laws will take effect in Alaska and South Carolina that will require entities that have experienced data security breaches involving personal information to notify affected individuals of the breaches. With these additions, a total of 44 states, plus the District of Columbia, Puerto Rico and the U.S. Virgin Islands, will…
House committee approves Data Accountability and Trust Act
The Credit Union National Association reports: H.R. 2221, the Data Accountability and Trust Act, passed the House subcommittee on commerce, trade, and consumer protection by a voice vote during a Wednesday markup session. The bill, which was introduced by House Subcommittee Chair Rep. Bobby Rush (D-Ill.), would require businesses to notify affected customers when outside…
OIS Commentary: And some walls will come tumbling down
One of yesterday’s posts on PHIprivacy.net reports a data breach involving Kelsey-Seybold Clinic that has not been reported in the mainstream media. I contacted Kelsey-Seybold after a site visitor alerted me to the breach. The report is frustratingly short on details, though, because Kelsey-Seybold could — and did — simply ignore questions it did not…
Protecting Electronic Data
From a New York Times editorial: In 2005, ChoicePoint, a data broker, gave access to personal information about more than 140,000 people to criminals posing as businesspeople. Since that widely publicized security breach, many states have passed laws protecting consumer information, but Congress still has not come through. Now, the House is considering a bill…
Maine Requires Breach Notice within Seven Days of Go-Ahead from Law Enforcement
From the Privacy & Information Security Law Blog: On May 19, Maine Governor John Baldacci signed legislation limiting the time that breach notification may be delayed following a determination by law enforcement that providing notice will not compromise a criminal investigation. The provision, which will take effect 90 days after the close of the Legislature’s…