Linn F. Freedman of Robinson & Cole writes: On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance. The Act requires “all persons who are licensed, authorized to operate or registered, or…
Category: State/Local
Proposed Amendment to the North Carolina Identity Theft Protection Act
Alexander Turner of Spilman Thomas & Battle, PLLC writes: In April 2019, with the introduction of House Bill 904, a bi-partisan effort was made to strengthen cyber security in North Carolina. H.B. 904 seeks to make North Carolina’s Identity Theft Protection Act one of the strongest in the nation by broadening the definition of what constitutes…
FoxRothschild: U.S. States And Territories Data Breach Statutes (Updated)
Fox Rothschild’s Privacy and Data Security practice group maintains this searchable PDF document as well as the Data Breach 411 app to inform businesses of the breach notification statutes in each of the 50 states, Guam, Puerto Rico and the U.S. Virgin Islands, so they can better understand their rights, obligations and potential liability. Download…
Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020
From Hunton Andrews Kurth: On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a…
Citing NY’s SHIELD Act, NYSBA Approves Cybersecurity CLE Requirement for All Attorneys
Caroline Morgan of Fox Rothschild reports that the New York State Bar Association (NYSBA) has approved a new requirement that New York attorneys take one cybsersecurity CLE credit. The proposal is presently before the New York CLE board for consideration. Read more on Privacy Compliance & Data Security.
Minted hit with California data breach lawsuit after ShinyHunters hack
We anticipated a lot of lawsuits would be filed under California’s new law, the California Consumer Privacy Act (CCPA), as it imposes a data security duty on organizations. But will any of the complaints filed withstand early motions to dismiss? The CCPA requires complainants to give the organization 30 days to “cure” a violation and…