Liisa M. Thomas writes: The Rhode Island updates to its breach law that we previously reported on are now effective. As a reminder, under the amended law, notice is now required 45 days after “confirmation of the breach,” and the Rhode Island attorney general is to be notified if 500 Rhode Island residents are impacted….
Category: State/Local
Tennessee Breach-Notification Law Indicative of Data-Security Regulators’ Lack of Creativity
David Zetoony of Bryan Cave writes: There is no shortage of data-privacy and security laws in the United States. By our count there are now about 300 state and federal statutes. They include breach-notification laws, data-disposal laws, data-safeguard laws, payment card information-protection laws … the list goes on and on. Many of these laws, and…
Cybersecurity and Data Privacy: Proposed Legislation Would Substantially Expand and Strengthen New York’s Data Breach Notification Statute
Michael Billok, Christopher Stevens, Clifford Tsan of Bond Schoeneck & King PLLC write: A bill currently pending before the New York State Assembly (A10475) would make a number of significant changes to New York’s data breach notification statute (General Business Law Section 899-aa) in the event that it is passed and signed into law. The…
MO: Governor Jay Nixon Signs Identiy Theft Bill Into Law
Governor Jay Nixon signed several bills into law, including one designed to prevent identity theft. The measure makes it a class A misdemeanor to possess stolen credit card information or devises, even if the info or devise has not been used after being stolen. In a written statement, Nixon praised lawmakers for passing the bill,…
Breach Response Portal Added by Massachusetts Regulator
Cynthia J. Larose of Mintz Levin writes: Pursuant to the Massachusetts data breach notification statute, M.G.L. 93H, notices must be provided to the affected resident, the Attorney General’s office and to the Office of Consumer Affairs and Business Regulation (OCABR). It is not enough that Massachusetts has a sui generis breach notice content statutory requirement (you must tell affected residents of the…
Rhode Island Attorney General Pushing For A State-Level CFAA That Will Turn Researchers, Whistleblowers Into Criminals
Tim Cushing reports that not satisfied to rest on his laurels in the Really Bad Ideas Department, Rhode Island Attorney General Peter F. Kilmartin is behind a legislative proposal that amounts to a very bad state-level version of the federal hacking statute, CFAA. Tim writes: Here’s the worst part of the suggested amendments: Whoever intentionally and without authorization or in…