David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor. A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…
Category: State/Local
South Dakota Enacts Breach Notification Law
Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…
Alabama Becomes 50th State to Enact Data Breach Notification Law
Edward McAndrew of Ballard Spahr LLP writes: Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018. Although it was last in the country to enact such a data security law, Alabama’s new…
MD: House of Delegates passes data breach protection bill
Chase Cook reports: The House of Delegates passed legislation Monday that would require internet service providers to notify Maryland customers of data breaches in which personal information was stolen. House Bill 1584 sponsor Del. Seth Howard, R-West River, said he put forth the legislation because internet service providers weren’t required to post notices regarding data…
Public Notification of Data Breaches: Between a Rock and a Hard Place
John Amabile and Micheal Binns of Parker Poe Adams & Bernstein write: A change in emphasis in disputes over data security breaches is coming. To date, the focus has been on issues and potential damages arising from the breach itself and the subsequent loss of private, personal information. In light of recognized delays from both…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II
Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security,…