Judy Harrison reports on a lawsuit stemming from the Blackbaud ransomware incident in 2020 that has been covered previously on this site. Two brothers from Holden have sued Northern Light Health over a data breach last May that left them vulnerable to identity theft and affected more than 650,000 people. The complaint, filed Tuesday in…
Category: State/Local
As States Offer Data Breach ‘Safe Harbors,’ Not All Companies Are Receptive
Victoria Hudgins reports: While federal lawmakers might be hesitant to enact national data privacy legislation, some states are quickly moving to define reasonable cybersecurity—and protect those that adhere to them. But even as legislators extend “safe harbor” protections to encourage cybersecurity, lawyers noted some companies might ignore the incentive to avoid burdensome responsibilities. For companies that are already compliant…
Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law
Deborah George of Robinon + Cole writes: Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa,…
Maine Enacts NAIC-Inspired Cybersecurity Law
Heather McArn, Bryant Roby Jr. and Judith Selby of Hinshaw write: Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons…
Utah is the 2nd State to Create a Safe Harbor for Companies Facing Data Breach Litigation
Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of JacksonLewis write: In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach…
Utah Becomes the Second U.S. State to Establish Affirmative Defenses for Data Breach
Alyssa Aquino, Judith Selby, and Joanna Storey of Hinshaw write: In enacting the Cybersecurity Affirmative Defense Act, HB80, (Act) on March 11, 2021, Utah became the second state in the U.S. to create affirmative defenses for “persons” to certain causes of action arising out of a breach of system security.[1] “Persons” is defined to include…