Jason Gavejian and Joseph Lazzarotti of JacksonLewis write: Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant…
Category: Legislation
California Breach Regulations Applicable to Health Care Facilities Align “Breach” Definition with HIPAA, Expand Reporting Obligations, and Clarify Penalty Structure
Jennifer Hennessy, Chloe Talbert, and Jennifer Urban of Foley Lardner write: California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in…
China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government
Ravie Lakshmanan reports: The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to…
China’s Shenzhen City Enacted Regional Data Regulation
Manuel Torres and Zhang, Dun of Garrigues write: Shenzhen, the leading financial and production center for China and home of many Chinese internet and tech giants such as Huawei, Tencent and DJI, enacted its regional data protection law, ‘Data Regulation of the Shenzhen Special Economic Zone’ (Shenzhen Data Regulation) on June 29, 2021. Shenzhen Data…
AU: Cyber-attackers partially knockout Australian education department, while unrelated leak impacts Blackboard Collab users
While New South Wales’ new COVID outbreak is causing problems, it has other problems as well. On July 9, GRC World Forums reported: The New South Wales (NSW) department of education in Australia has deactivated some internal systems after becoming the victim of a cyber-attack. The timing has created considerable challenges for staff as they…
New Decision Narrows Scope of Georgia Computer Trespass Statute
Liisa Thomas and Snehal Desai of Sheppard Mullin write: The Georgia Supreme Court recently concluded that Georgia’s equivalent of the CFAA should be viewed narrowly, similar to the US Supreme Court’s recent, similar decision in Van Buren. In Kinslow v. State, the Georgia Supreme Court held that even if there is unauthorized use of a computer or computer network,…