Zack Whittaker reports: California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better. The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify…
Category: State/Local
No Damages Required to Sue Under Illinois Biometric Information Privacy Act
Anjali C. Das, Brian Dollar, Stefanie L. Ferrari, and David H. Potter of Wilson Elser Moskowitz Edelman & Dicker LLP write: …. Following the rise of the use of biometric information, the Illinois Legislature passed the Biometric Information Privacy Act (BIPA) in 2008 to provide standards of conduct to help regulate how biometric information is collected,…
Ransomware attacks would become felony with Maryland bill
Jared Beinart reports: Using ransomware to hold computers hostage would draw stiffer penalties under legislation — prompted in part by attacks on Maryland hospitals over the past few years — state lawmakers are considering. […] Maryland Senate bill 151, cross-filed with House bill 211, would define ransomware attacks that result in a loss greater than $1,000 as…
California Consumer Privacy Act: The Challenge Ahead – The CCPA’s “Reasonable” Security Requirement
Bret Cohen, Paul Otto, Nathan Salminen, and Morgan Perna (law clerk) of Hogan Lovells write: ….This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk. Available statutory penalties The CCPA allows consumers to sue businesses…
Insurance Data Security Model Law Picks Up Steam
Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write: Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance…
NYCUA to pursue state law on data security
Eric Reinhardt reports that the board of directors of the Albany–based New York Credit Union Association (NYCUA) has approved its 2019 state legislative priorities. And one of those priorities is data security. NYCUA says it would like to see legislation that would require all entities that handle consumer information to comply with comprehensive data-security standards…