Julia K. Kadish, Kari M. Rollins, and Liisa M. Thomas of Sheppard, Mullin, Richter & Hampton LLP write: Maryland recently passed two companion bills amending the state’s Personal Information Protection Act. The bills modify the data breach notification requirements and scope of businesses subject to the data security requirements. The key changes are summarized below, and will…
Category: Legislation
FTC Weighs In On Data Breach Notification
Liisa M. Thomas, Kari M. Rollins, and Julia K. Kadish of Sheppard, Mullin, Richter & Hampton LLP write: The FTC recently reminded companies that principles of fairness and the likelihood of harm may in some cases prompt breach notification. This requirement might exist even if state breach notice laws have not been triggered. The FTC emphasized at the…
PA House Committee advances Data Breach Notification legislation
George Stockburger reports: The Pennsylvania House State Government Committee has sent to the full House of Representatives for consideration Sen. Dan Laughlin’s legislation that would require state agencies to notify victims of a data breach within one week. Under Senate Bill 696, any state agency, county, municipality, public school or third-party vendor that conducts business with…
‘Too Much’ Data Breach Disclosure May Risk Additional Cyber Vulnerabilities
Isha Marathe reports: Even before Russia’s invasion of Ukraine, cyberattacks had been on the rise, leading to provisions from regulatory bodies such as the mandatory disclosures of incidents to protect investors and alert other businesses alike. Now, some attorneys and cybersecurity experts are asking if forced reporting of breaches and attacks at the level of detail that the U.S….
New Canadian cybersecurity bill to require mandatory reporting of ransomware, other attacks
Jim Bronskill reports: Businesses and other private-sector organizations would be required to report ransomware incidents and other cyberattacks to the government under a federal bill to be tabled today. The legislation is intended to flesh out Liberal government efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s…
Vermont Enacts Insurance Data Security Law
Hunton Andrews Kurth writes: On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). The Vermont Insurance Data Security Law applies to “licensees”—those licensed, authorized to operate or registered, and those required to be…