Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…
Category: State/Local
New Mexico passes data breach notification and protection bill
Erich Falke writes: Then there were two. On March 16, 2017, the New Mexico state legislature passed a bill requiring that New Mexico residents be notified if their “personal identifying information” was affected by a breach of electronic data. Upon signature of the bill, New Mexico will join 47 other states requiring such notification, and the only…
NM: Data Breach Notification Passes Senate Committee
Carol A. Clark writes: This afternoon, the Senate Public Affairs Committee unanimously passed House Bill 15, known as the Data Breach Notification Act. The legislation is sponsored by Republican Rep. Bill Rehm of Bernalillo. House Bill 15 would require businesses and other entities to implement reasonable procedures to protect the personal information of consumers. The…
Missouri proposal requires schools to tell you when child’s information stolen
Stephanie Garland reports: Right now the state auditor said hackers can steal your sensitive information and school districts do not have to tell you. That could change this August before some schools start. […] If passed, a new bill would change that and require school districts to report data breaches to parents and the government….
State Data Breach Notification Laws: February 2017 Privacy Update
Cynthia J. Larose and Michael B. Katz of Mintz Levin write: During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were considering new regulations or amendments to their existing security breach…
Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses
Mark L. Krotoski and W. Scott Tester of Morgan Lewis remind entities that duty to notify of a breach depends on state definitions of “personal information,” and more states are now including usernames or email addresses as personal information: Illinois, Nebraska, and Nevada are the latest to add usernames or email addresses to the definition…