Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of Jackson Lewis write that changes to Louisiana’s data breach notification law (Act 382) go into effect on August 1 of this year. Those changes include expansion of the definition of personal information, requirements that notification be made no later than 60 days from discovery of…
Category: State/Local
South Carolina Enacts First Insurance Data Security Act
Edward J. McAndrew of Ballard Spahr LLP writes: South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 14, 2018. The Act…
Georgia governor vetoes ‘hack back’ bill
Good! Ryan Johnston reports: Following weeks of outcry from cybersecurity companies and independent researchers, Republican Georgia Gov. Nathan Deal vetoed the state’s proposed “hack back” bill on Tuesday. The bill, SB 315, sought to create the misdemeanor crime of “unauthorized” computer or computer network access, criminalizing the act of “intentionally” logging into a computer or website hosted in Georgia without the user first…
Hackers target Georgia Southern, Augusta restaurants
So if you want to prove a hacking bill is a bad idea, engaging in black hat/grey hat activities may not be the best way to persuade people. Tom Corwin reports: A hacking group upset with Georgia legislation that could criminalize what they do targeted Georgia Southern University and two Augusta restaurants in an ongoing…
Oregon Amends Data Breach Notification and Information Security Laws
David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor. A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…
South Dakota Enacts Breach Notification Law
Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…