So I’ve had a chance to read Obama’s proposed data breach notification bill, The Personal Data Notification & Protection Act, and although it has a few interesting points, it’s pretty much a rehash of bills that have raised concerns among privacy advocates for years. This post will describe just some of some of the provisions of the bill…
Category: Commentaries and Analyses
Obama’s proposed changes to the computer hacking statute: A deep dive
Orin Kerr writes: As part of the State of the Union rollout, President Obama has announced several new legislative proposals involving cybersecurity. One of the proposals is a set of amendments to the controversial Computer Fraud and Abuse Act (“CFAA”), the federal computer hacking statute. This post takes a close look at the main CFAA proposal….
Law Offices of David A. Krausz, P.C. notifies clients that their Social Security numbers were on stolen laptop
David A. Krausz, whose personal injury law practice is in San Francisco , has notified clients about a breach: On January 6, 2015*, Law Offices of David A. Krausz, P.C. experienced the theft of a laptop computer that contained identifying client information including names, social security numbers and dates of birth. As a result of this incident,…
Why tort liability for data breaches won’t improve cybersecurity
Stewart Baker writes: … So, how much incentive for better security comes from the threat of data breach liability? Some, but not much. As I’ve been saying for a while, the actual damages from data breaches are pretty modest in dollar terms, and the pattern of losses makes it very hard to sustain a single class,…
Data Breach Plaintiffs Survive Dismissal Against Target
If you haven’t kept up with all the lawsuits against Target over its 2013 data breach, Amelia Gerlicher and Todd M. HinnenTodd M. Hinnen of Perkins Coie provide a useful write-up of where things stand now. You can read it on JDSupra.
Proposed data breach bill in Washington State: comments
So I’ve just read the proposed legislation for revising Washington State’s data breach notification law (see the WA AG’s press release on the proposal here). A few comments/observations on the bill: 1. The bill eliminates the word “computerized” before “data,” thereby seemingly expanding the data breach notification requirements to paper records or other formats. That…