Cynthia J. Larose of Mintz Levin writes: Pursuant to the Massachusetts data breach notification statute, M.G.L. 93H, notices must be provided to the affected resident, the Attorney General’s office and to the Office of Consumer Affairs and Business Regulation (OCABR). It is not enough that Massachusetts has a sui generis breach notice content statutory requirement (you must tell affected residents of the…
Category: State/Local
Rhode Island Attorney General Pushing For A State-Level CFAA That Will Turn Researchers, Whistleblowers Into Criminals
Tim Cushing reports that not satisfied to rest on his laurels in the Really Bad Ideas Department, Rhode Island Attorney General Peter F. Kilmartin is behind a legislative proposal that amounts to a very bad state-level version of the federal hacking statute, CFAA. Tim writes: Here’s the worst part of the suggested amendments: Whoever intentionally and without authorization or in…
California ransomware bill supported by Hollywood hospital passes committee
Bradley Barth reports: A proposed California legislation imposing specific penalties for ransomware took a step forward yesterday when the state senate’s Public Safety Committee passed the bill at a hearing that featured testimony from Hollywood Presbyterian Medical Center (HPMC) — a notable victim of the ongoing ransomware epidemic. The legislation, Senate Bill 1137, would amend California’s penal code making it…
RESOURCE: State Security Breach Notification Laws
Mintz Levin has updated its convenient chart of state breach notification laws. Read more here. I’ve already downloaded my copy of their updated chart to keep on my desktop.
Tennessee Amends Breach Notification Statute (updated)
Jason C. Gavejian of Jackson Lewis writes: On March 24, 2016, Tennessee’s breach notification statute was amended when Governor, Bill Hallam, signed into law S.B. 2005. Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement). Previously,…
Letter to New York State Banks and Insurance Companies: New Cybersecurity Regulations Likely (Part 2 of 2)
Randall J. Collins writes: In my previous post, I reviewed the New York State Department of Financial Services’ (NYDFS) findings and conclusions of survey results of financial institutions and insurers’ programs, costs, and future plans related to cybersecurity. Anthony J. Albanese – Acting Superintendent of Financial Services – writes in a November 9, 2015 letter to Financial and…