Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
Category: State/Local
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
California passes law that bans default passwords in connected devices
I’m really going to miss California when it falls off into the Pacific some day. Zack Whittaker reports: Good news! California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer electronics starting in 2020. Every new gadget built in the state from routers to smart…
The Significance to Businesses of the California Legislature’s Last-Minute Revisions to the 2018 California Consumer Privacy Act
Akin Gump Strauss Hauer & Feld LLP write: The California Consumer Privacy Act (CCPA), the nation’s broadest privacy protection statute, was enacted by the California Legislature in June 2018 as part of a last-minute deal to stop a proposed statewide ballot measure that could have ushered in an even stricter privacy law. We have written about…
NY Cyber Law Hits 3rd Deadline: Toughest Yet to Come
Craig A. Newman of Patterson Belknap writes: By today, financial institutions are required to meet their next deadline for compliance with New York’s cybersecurity law. The regulation – enacted in March 2017 –includes a series of rolling deadlines that require banks and insurance companies covered by the law to meet varying data security requirements. Today’s…
Unixiz Agrees to Shutter “i-Dressup” Site and Pay Penalty to Settle Charges Under COPPA and the New Jersey Consumer Fraud Act
From Hunton Andrews Kurth: On August 3, 2018, California-based Unixiz Inc.(“Unixiz”) agreed to shut downits “i-Dressup” website pursuant to a consent order with the New Jersey Attorney General, which the company entered into to settle charges that it violated the Children’s Online Privacy Protection Act (“COPPA”) and the New Jersey Consumer Fraud Act. The consent orderalso…