David A. Zetoony, Joshua A. James, Jena M. Valdetero, and Christopher M. Achatz of Bryan Cave provide an overview of significant differences between U.S. breach notification laws and the EU’s General Data Protection Regulation (“GDPR”). Here’s a snippet from their analysis: That said, there are several significant differences including: Type of Information Governed. Data breach notification laws in the United States apply…
Category: Legislation
Summer Round-Up: Four States Bolster Data Breach Notification Laws and More Changes on the Way
Michael B. Katz and Cynthia J. Larose of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. write: … According to a recent summary published by the National Conference of State Legislatures, more than 25 states in 2016 have introduced or are currently considering security breach notification bills or resolutions. While much legislation remains pending in statehouses across the…
Rhode Island Attorney General Pushing For A State-Level CFAA That Will Turn Researchers, Whistleblowers Into Criminals
Tim Cushing reports that not satisfied to rest on his laurels in the Really Bad Ideas Department, Rhode Island Attorney General Peter F. Kilmartin is behind a legislative proposal that amounts to a very bad state-level version of the federal hacking statute, CFAA. Tim writes: Here’s the worst part of the suggested amendments: Whoever intentionally and without authorization or in…
Retailers battle financial sector over lame data breach legislation that they think is too strong?
Cory Bennett reports: Retailers on Tuesday doubled down on their opposition to a data breach notification bill favored by financial firms. The Retail Industry Leaders Association (RILA), one of the sector’s largest trade groups, argued in a letter to House leadership that the measure would be unfair to large swaths of the economy. The bill,…
Ga. Senator Proposes Bill On Public Data Breach Investigations
Johnny Kauffman reports: A bill filed in the Georgia Legislature by Sen. John Albers (R–Roswell) would mandate companies and state agencies provide details to the attorney general and the governor’s office and give authority to the attorney general’s office to conduct an investigation. The Republican’s bill (SB 276) is called the “Georgia Personal Data Security…
European Parliament Committee Approves EU Cybersecurity Rules and Publishes Agreed Text
Mark Young and Vera Coughlan write: Formal adoption of the EU Network and Information Security (NIS) Directive is a step closer following a vote on January 14 by the European Parliament’s internal market and consumer protection (IMCO) committee. As we reported in December, the European institutions reached an informal political agreement on the NIS Directive — dubbed…