Jason Gavejian and Joseph Lazzarotti of JacksonLewis write: Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant…
Category: State/Local
California Breach Regulations Applicable to Health Care Facilities Align “Breach” Definition with HIPAA, Expand Reporting Obligations, and Clarify Penalty Structure
Jennifer Hennessy, Chloe Talbert, and Jennifer Urban of Foley Lardner write: California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in…
WI: Governor Evers Signs Law to Enhance Insurance Cybersecurity Measures
July, 15 — Madison, Wis. — Today, Governor Tony Evers signed Act 73 into law creating new cybersecurity requirements for protecting data collected by the insurance industry. “From ransomware to data breaches, insurers and consumers are at an increasing risk of experiencing a serious cybersecurity incident,” said Insurance Commissioner Mark Afable. “The new consumer protections in this Act…
Ohio Introduces Data Privacy Legislation
Kurt R. Hunt and Gregory A. Tapocsi of Dinsmore & Shohl LLP write: On July 13, 2021, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act (OPPA), a comprehensive privacy framework following in the footsteps of recent legislative enactments in California (the CCPA as modified by the CPRA), Virginia (the…
New Decision Narrows Scope of Georgia Computer Trespass Statute
Liisa Thomas and Snehal Desai of Sheppard Mullin write: The Georgia Supreme Court recently concluded that Georgia’s equivalent of the CFAA should be viewed narrowly, similar to the US Supreme Court’s recent, similar decision in Van Buren. In Kinslow v. State, the Georgia Supreme Court held that even if there is unauthorized use of a computer or computer network,…
NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations
Lance Taubin, Kate Hanniford, and Kimberly Peretti of Alston & Bird write: The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware…