Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
Category: State/Local
US Breach Laws Are Coming: Vermont
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom…
Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Kiss that 60-days to notify patients HIPAA bit goodbye if you’re doing business in Colorado. Julie A. Sullivan and Loreli Wright of Greenberg Traurig, LLP write: Passed during the 2018 state legislative session, House Bill 18-1128 went into effect on Sept. 1, changing Colorado’s law on the protection of personally identifying information and the procedure businesses must…
Another State Data Security Law: Ohio Gets in on the Action
Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
California passes law that bans default passwords in connected devices
I’m really going to miss California when it falls off into the Pacific some day. Zack Whittaker reports: Good news! California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer electronics starting in 2020. Every new gadget built in the state from routers to smart…