Daniel J. Moses of JacksonLewis writes: As we recently noted, Washington state amended its data breach notification law on May 7 to expand the definition of “personal information” and shorten the notification deadline (among other changes). Not to be outdone by its sister state to the north, Oregon followed suit shortly thereafter—Senate Bill 684 passed unanimously in both legislative…
Category: State/Local
Texas Moves Forward With Updates to Breach Notification Law and Institutes Privacy Council to Study Data Privacy Legislation
Will R. Daugherty and Caroline B. Brackeen of BakerHostetler write: Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers. Two comprehensive data privacy bills, HB 4390 and…
Legislative Roundup: New Laws Passed in Arkansas, Oklahoma, and Maryland That Revise Cyber Security Measures
Steven Erkel and Kaeley Brown of Alston & Bird write: Arkansas In April, Arkansas’ Governor signed H.B. 1943 as Act 1030 expanding the scope of personal information, as used in the Personal Information Protection Act, to include “biometric data.” The Bill defines “biometric data” as “data generated by automatic measurements of an individual’s biological characteristics,…
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
Gavin Reinke of Alston & Bird writes: The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number,…
North Dakota Data Misuse Law Amended
Lisa Thomas of SheppardMullin writes: North Dakota criminal law currently contains penalties for misusing the personal information of another. That law has been expanded, and beginning August 1, 2019, it is a class B felony to use a skimmer or scanning device to try get information from a payment card, credit card, or state ID…
NJ: Bill Expanding Disclosure of Online Breaches Now Law
Suzette Parmley reports: Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Murphy. The online breach bill was among 22 measures that the governor signed on Friday. With his signature, New Jersey joins California,…