We anticipated a lot of lawsuits would be filed under California’s new law, the California Consumer Privacy Act (CCPA), as it imposes a data security duty on organizations. But will any of the complaints filed withstand early motions to dismiss? The CCPA requires complainants to give the organization 30 days to “cure” a violation and…
Category: State/Local
Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…
Vermont Updates its Data Breach Notification Law
Joseph J. Lazzarotti, Jason C. Gavejian, Mary T. Costigan and Maya Atrakchi of JacksonLewis write: As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislature. We recently reported that Washington D.C. updated its data breach notification law. Now, the Vermont legislature also amended its data breach…
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
New York SHIELD Act’s Reasonable Safeguard Requirements Became Effective on March 21st —Is Your Company Ready?
Despite the pandemic, life — and most laws — go on. Micaela McMurrough, Caleb Skeath and Micha Nandaraj Gallo of Covington and Burling posted a reminder yesterday: On March 21, 2020, the data security requirements of the New York SHIELD Act became effective. The Act, which amends New York’s General Business Law, represents an expansion of New…
NY SHIELD Act Data Security Requirements Effective This Month
Julia K. Kadish of Sheppard Mullin writes: Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements in October 2019. Now, On March 21, 2020, the remaining provisions related to data security will…