From VitalLaw’s weekly roundup of privacy and cybersecurity legislation: Augmented data broker, data breach requirements advance in California. The California state Assembly Appropriations Committee voted on July 9 to pass a bill that would require data brokers in the state to disclose additional information regarding their data-collection practices. S.B. 361, Reg Sess., would, if enacted, require data…
Category: Legislation
EU-wide Breach Notification Template on the Horizon
Hanna Hewitt, Wim Nauwelaerts, and Alice Portnoy of Alston & Bird write: Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification template to help companies comply with the requirements of the EU…
British institutions to be banned from paying ransoms to Russian hackers
Mason Boycott-Owen reports: Hospitals, local councils and operators of critical U.K. infrastructure are among the organizations who will be banned from paying ransoms to hackers under new plans unveiled by the British government. The move — which will cover all public sector bodies as well as the owners and operators of critical national infrastructure —…
Missouri Adopts New Data Breach Notice Law
J. Randall Coffey, Daniel Pepper, and Jillian Seifrit of Fisher Phillips write: On July 2, Missouri’s Governor approved House Bill 974, “The Insurance Data Security Act,” which will establish standards for insurers and licensed entities regarding data security, breach investigations, and notification protocols when it takes effect on January 1, 2026. What are the 10…
Texas Enacts Electronic Health Record Data Localization Law
Hunton Andrews Kurth writes: Texas Governor Greg Abbott recently signed into law S.B. 1188, a bill that regulates the security and storage of electronic health record data and the deployment of artificial intelligence (“AI”) in the health care context. The law creates a data localization requirement, obligating covered entities to physically maintain electronic health records in…
German court offers EUR 5000 compensation for data breaches caused by Meta
Aurora Munteanu reports: The Leipzig District Court has awarded Facebook users EUR 5000 in compensation for data protection violations from Meta’s Business Tools. This marks a significant precedent in European privacy enforcement. The German court offered the judgment on July 4th, 2025, finding that Meta Platforms Ireland Limited breached the General Data Protection Regulation through its extensive tracking…