Jason C. Gavejian of Jackson Lewis writes: On March 24, 2016, Tennessee’s breach notification statute was amended when Governor, Bill Hallam, signed into law S.B. 2005. Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement). Previously,…
Category: State/Local
Letter to New York State Banks and Insurance Companies: New Cybersecurity Regulations Likely (Part 2 of 2)
Randall J. Collins writes: In my previous post, I reviewed the New York State Department of Financial Services’ (NYDFS) findings and conclusions of survey results of financial institutions and insurers’ programs, costs, and future plans related to cybersecurity. Anthony J. Albanese – Acting Superintendent of Financial Services – writes in a November 9, 2015 letter to Financial and…
Plan Now to Comply with New Rhode Island Identity Theft Protection Act
John Ottaviani writes: Businesses, organizations, state and local governmental entities and individuals who collect and store personal information about Rhode Island residents should start planning now to comply with the new Rhode Island Identity Theft Protection Act, which goes into effect on June 26, 2016 and replaces the existing law. Businesses and organizations of any…
Ga. Senator Proposes Bill On Public Data Breach Investigations
Johnny Kauffman reports: A bill filed in the Georgia Legislature by Sen. John Albers (R–Roswell) would mandate companies and state agencies provide details to the attorney general and the governor’s office and give authority to the attorney general’s office to conduct an investigation. The Republican’s bill (SB 276) is called the “Georgia Personal Data Security…
Texas Broadens Unauthorized Access of Computer Law to Specifically Address Insider Misuse
Shawn E. Tuma writes that Texas just amended its unauthorized access of computers law to specifically address misuse by insiders. Here’s a snippet from his detailed post: Nothing was removed from the prior version of the law; the following language in blue italics was added as Section 33.02 (b-1)(2) of the Texas Penal Code: It is a crime for a…
North Carolina Employees are not “Authorized” to Divert Employer Data
Amy R. Worley writes: As the year draws to a close, employer claims under the Computer Fraud and Abuse Act (“CFAA”) against departing employees for stealing or otherwise diverting employer information without authorization to do so are dying slow deaths in many federal courts across the nation. As noted over on the Non-Compete and Trade Secrets…