Paula Stannard reminds us: As a result of recent breaches – including breaches of health information and information held by health insurers – a great deal of attention has recently been focused on state data breach notification requirements. Most States have general data breach notification requirements that apply to all data breaches, including those involving…
Category: State/Local
State Data Breach Notification Law Updates
If you’ve been meaning to get caught up with changes in state data breach notification laws, check out this article by Cynthia J. Larose of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. The article covers developments in New Jersey, Montana, Connecticut, Washington State, and New Mexico (where they’re still trying to get their first data breach notification law).
Illinois Attorney General seeks stronger data breach bill
Attorney General Lisa Madigan recently drafted legislation to strengthen the state’s Personal Information Protection Act (PIPA). Originally passed in 2005 at Attorney General Madigan’s direction, PIPA made Illinois among the first states in the country to require entities that suffer a data breach to notify Illinois residents if the breached information included residents’ drivers’ license…
NY: Two-Factor Authentication May Be Coming to a Bank Near You
David Smyth of Brooks, Pierce, McLendon, Humphrey & Leonard, LLP writes: When I was at the SEC and online broker-dealers’ customers were the victims of hacking incidents, I used to wonder, why don’t the broker-dealers require multi-factor authentication to gain access to accounts? It was a silly question. I knew the answer. Multi-factor authentication is a pain and…
Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor
Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…