There’s been a state enforcement action against National Public Data, but it’s not for the data breach that resulted in the leak of 2.9 billion records. It’s for failure to register with California as a data broker. News: February 20, 2025 SACRAMENTO — The Enforcement Division of the California Privacy Protection Agency (CPPA) has brought…
Category: State/Local
Bill raising the bar for class-action suits in data breach incidents advances
Rural Radio reports: A measure that would raise the bar for filing class-action lawsuits in state courts against private entities that suffer a cybersecurity breach has received first round approval in the Nebraska Legislature. Lawmakers spent a considerable amount of floor debate Tuesday and today discussing LB 241, which would require willful, wanton, or gross…
PayPal to pay NYS $2M for violating DFS’s Cybersecurity Regulation
January 23, 2025 New York State Department of Financial Services Superintendent Adrienne A. Harris today announced that PayPal, Inc. (PayPal) will pay a $2 million penalty to New York State for violations of DFS’s Cybersecurity Regulation. An investigation determined PayPal failed to use qualified personnel to manage key cybersecurity functions and failed to provide adequate training…
Utah Updates to Breach Notification Requirements Take Effect
Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization. Under…
Resource: U.S. State Data Breach Notification Laws
There’s an update to Foley & Lardner’s resource on U.S. state data breach notification laws. They explain what their resource applies and what it doesn’t apply to: While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches…
Florida Department of Juvenile Justice computer network hacked
Vivienne Serret reports: Hackers broke into the computer network of the Florida Department of Juvenile Justice in Tallahassee, which runs the state’s juvenile detention centers and programs to steer troubled kids away from crime. It led to a continuing shutdown of the digital backbone the agency uses to manage cases statewide. The department took offline…