On March 18, 2022, Indiana Governor Eric Holcomb signed into law an amendment to Indiana’s data breach notification statute. The amendment requires notification of a data breach to affected individuals and the Indiana Attorney General without unreasonable delay, but no later than forty-five (45) days after discovery of the breach. The amendment will take effect on July 1, 2022….
Category: State/Local
Rattled by RIPTA breach that affected 22,000, lawmakers propose policy changes
Antonia Noori Farzan reports: Lawmakers say that last year’s breach of Rhode Island Public Transit Authority computer systems highlighted glaring problems with the way the state responds to the theft of people’s personal data. […] DiPalma’s bill, S 2664, is designed to expand the protections and reporting requirements outlined in the Identity Theft Protection Act of 2015. A companion bill, H…
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…
At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws?
Deborah George of Robinson & Cole writes: California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP)…
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…
Prepared remarks: Attorney General Phil Weiser on the way forward on data privacy and data security (Jan. 28, 2022)
Colorado’s Attorney General, Phil Weiser, gave a speech for Data Privacy Day that talks about Colorado’s Privacy Act and its provisions with respect to both privacy and data security. It is a speech worth reading, especially if you want an overview of what is coming your way in Colorado. With three states now having state…