For a summary of basic state notification requirements that apply to entities who “own” data, download Foley & Lardner’s State Data Breach Notification Laws Chart. They write: This chart is current as of June 2, 2025, and should be used for informational purposes only because the recommended actions an entity should take if it experiences a…
Category: Legislation
Trump Rewrites Cybersecurity Policy in Executive Order
David Perera reports: President Donald Trump signed Friday an executive order reframing U.S. cybersecurity policy, eliminating what the Republican White House described as “problematic elements” inherited from Democratic administrations. The new order strikes a push for digital identity documents made by then-President Joe Biden in one of his last acts as commander in chief. Digital IDs, the White House…
Oklahoma Expands its Security Breach Notification Law
Melissa Pascualini of Jackson Lewis The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty…
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
Hunton Andrews Kurth writes: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions. Key requirements,…
Banks Want SEC to Rescind Cyberattack Disclosure Requirements
PAYMNTS reports: American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry…
Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
From the Government of the Netherlands: More forms of espionage, such as digital and diaspora espionage, are to be a criminal offence from 15 May onwards. To achieve this a new criminal provision is being added to the Dutch Criminal Code. The government wants the law to protect national security, public safety, critical infrastructure and…