Amber Thomson, Liisa Thomas, Elfin Noce, and Kari Rollins of SheppardMullin write: Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273,applies to insurers authorized to do business in Ohio and goes into effect today, March 20,…
Category: Legislation
Data Breach Reporting Obligations in Saskatchewan
David Krebs and Jacey Safnuk of Miller Thomson LLP write: … Data breach reporting obligations in Saskatchewan are influenced by a total of four relevant pieces of legislation, covering both public and private sectors. These laws will not all apply to every potential breach, of course, but it is crucial for organizations to understand that more…
Lawmakers introduce bipartisan bill for ‘internet of things’ security standards
Jacqueline Thomsen reports: A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.” The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.),…
FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule
Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which…
Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing
James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws. Chairman Roger Wicker…
Turkish Data Protection Authority Announces The Procedure To Be Taken By Companies In Cases Of Data Breaches
Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write: Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller. Article 12/1 of the Turkish Data Protection Law states the data controller shall take…