David M. Stauss and Gregory Szewczyk of Ballard Spahr write: A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing “personal identifying information” (PII). The proposed legislation also would expand the types of information covered by the…
Category: State/Local
South Dakota lawmakers delay action on data breach legislation
AP reports: A legislative panel has delayed action on a bill that would require companies to inform South Dakota residents whose personal information was acquired in a data breach. The Senate Judiciary Committee plans to take up the proposal again Thursday. Attorney General Marty Jackley’s bill would require affected South Dakotans be notified within 60…
Arizona Legislature Considers Strengthening Data Breach Notification Law
John G. Kerkorian, David M. Stauss, Gregory P. Szewczyk, and Kimberly A. Warshawsky of Ballard Spahr write: The Arizona State Legislature is considering proposed legislation that, if enacted, would significantly change the requirements for how Arizona entities respond to data breaches. Under Arizona’s existing breach notification law, entities that conduct business in the state and own or license computerized…
North Carolina introduces data breach legislation
Bradley Barth reports: More than 5.3 million residents of North Carolina were victims of data breaches in 2017 – an escalating trend that has prompted state Attorney General Josh Stein (D) and state Rep. Jason Saine (R) to introduce newly proposed legislation to prevent further incidents and protect the public. Unveiled on Jan. 8, the…
Vermont poised to act on data security
Elizabeth Hewitt reports: Vermont lawmakers are poised to take action to regulate data brokers in the coming months. Data brokers — companies that collect and maintain consumers’ personal information — have been in the spotlight after the credit report giant Equifax revealed that a security breach exposed the private information of millions of Americans. However,…
Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes: On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared. Under the law as amended, the definition of “personal information”…