Dr. Stefan Schuppert and Valentin Reiter of Hogan Lovells write: While the NIS2 Directive remains to be implemented in several EU Member States, including Germany, companies should use the time to assess whether they fall within the scope of the Directive and prepare for its implementation. When making this assessment, particular attention should be paid…
Category: Legislation
Two agencies in one state investigated and fined Healthplex. Was that one too many?
DataBreaches is generally a great fan of state attorneys general taking enforcement action stemming from data breaches where the security was really subpar or the entity did not notify those affected in a reasonable amount of time. But two enforcement actions in New York have me wondering if the state has been a bit unfair…
Ohio law to require local governments to formally approve ransomware payments
Cleveland.com reports: In response to Cleveland and other local governments around Ohio being targeted with cyberattacks and ransomware threats, the state of Ohio will soon require all counties, cities, townships, school districts, libraries, and other local governments to have a cybersecurity policy that adheres to certain standards, as well as only allow locals to approve…
New York Upgrades Its Firewall Against Cyberattacks
New York State Senator Monica R. Martinez writes: The frequency and sophistication of cybersecurity attacks on state and local governments across the United States are on the rise, but now New York state has enacted legislation to ensure public entities’ responses to these incidents won’t glitch. Earlier this summer, Gov. Kathy Hochul signed S.7672A/A.6769A, sponsored by state…
Oklahoma Substantially Amends Its Data Breach Notification Statute
Ashden Fein, Caleb Skeath, Micaela McMurrough, Emily Pehrsson, and Sierra Stubbs of Covington and Burling write: Oklahoma recently enacted Senate Bill 626, which substantially amends the state’s data breach notification law to broaden the scope of notification obligations and add a new regulator notification requirement along with a new “safe harbor”-style provision that provides liability protections if certain…
State Legislation: Rhode Island Enacts New Financial Institutions Cybersecurity Law With Immediate Effect
From a Cooley alert: As the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) scale back rulemaking and enforcement, states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS). On July 2, 2025, Rhode…