Edward McAndrew of Ballard Spahr LLP writes: Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018. Although it was last in the country to enact such a data security law, Alabama’s new…
Category: State/Local
MD: House of Delegates passes data breach protection bill
Chase Cook reports: The House of Delegates passed legislation Monday that would require internet service providers to notify Maryland customers of data breaches in which personal information was stolen. House Bill 1584 sponsor Del. Seth Howard, R-West River, said he put forth the legislation because internet service providers weren’t required to post notices regarding data…
Public Notification of Data Breaches: Between a Rock and a Hard Place
John Amabile and Micheal Binns of Parker Poe Adams & Bernstein write: A change in emphasis in disputes over data security breaches is coming. To date, the focus has been on issues and potential damages arising from the breach itself and the subsequent loss of private, personal information. In light of recognized delays from both…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II
Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security,…
Colorado Legislature Signals That It May Create More Stringent Data Destruction Regulations and Tighten Breach Reporting Requirements
Sammantha Tillotson and Casie Collignon of BakerHostetler write: In January 2018, Colorado legislators sponsored a bill that, if passed, will change the state’s existing data breach reporting laws in important ways. A House Committee Report detailing the current version of the bill can be found here. The bill would create a new statute, C.R.S. §…
A.G. Schneiderman Announces $575,000 Settlement With EmblemHealth After Data Breach Exposed Over 80,000 Social Security Numbers
March 6 – Attorney General Eric T. Schneiderman today announced a settlement with healthcare provider EmblemHealth and wholly owned subsidiary Group Health Incorporated (“EmblemHealth”) after the company admitted a mailing error that resulted in 81,122 social security numbers being disclosed on a mailing. In addition to paying a $575,000 penalty, EmblemHealth agreed to implement a Corrective…