Jonathan Ishee and Amanda Ray of McGuireWoods LLP write: On May 31, 2021, the Texas Legislature approved House Bill 3746, which seeks to amend the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a breach of security of computerized data. Notably, the bill directs the Texas attorney general to post…
Category: State/Local
Iowa Law Safeguards Insurance Consumers’ Private Data
Katya Maruri reports: In a move to defend insurance consumers’ private information, Iowa Gov. Kim Reynolds has enacted a bill to set new standards related to data security, investigations and cybersecurity events for insurance companies. The bill, known as HF 719, came about in response to several major data breaches involving large insurers that exposed and compromised the sensitive…
Georgia’s HB 156, requiring state notice for utility cybersecurity incidents, is now in effect
Lael Bellamy and Emily Maus of DLA Piper write: Georgia’s governor has signed into law House Bill 156, creating specific notice requirements for state agencies and utilities that experience cybersecurity attacks, data breaches or malware and requiring notice to the state director of emergency management in Georgia within two hours of notifying the federal emergency…
Maine brothers sue Northern Light for sharing their info with Blackbaud
Judy Harrison reports on a lawsuit stemming from the Blackbaud ransomware incident in 2020 that has been covered previously on this site. Two brothers from Holden have sued Northern Light Health over a data breach last May that left them vulnerable to identity theft and affected more than 650,000 people. The complaint, filed Tuesday in…
As States Offer Data Breach ‘Safe Harbors,’ Not All Companies Are Receptive
Victoria Hudgins reports: While federal lawmakers might be hesitant to enact national data privacy legislation, some states are quickly moving to define reasonable cybersecurity—and protect those that adhere to them. But even as legislators extend “safe harbor” protections to encourage cybersecurity, lawyers noted some companies might ignore the incentive to avoid burdensome responsibilities. For companies that are already compliant…
Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law
Deborah George of Robinon + Cole writes: Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa,…