Scott Koller explains: The state of New Hampshire recently enacted House Bill 322 (“HB 322”), which requires the Department of Education (“DOE”) to implement additional procedures to protect student and teacher data from security breaches. Those procedures now include a breach notification requirement. Effective August 11, 2015, the DOE must develop a detailed security plan…
Category: State/Local
Rhode Island Governor signs new comprehensive Identity Theft Protection Act
Linn Freedman writes: On June 26, 2015, Rhode Island Governor Gina Raimondo signed Senate Bill S0134, the Rhode Island Identity Theft Protection Act of 2015, which substantially revises the old law, including breach notification. Specifically, the new law requires municipal agencies, state agencies and any “person” that “stores, collects, processes, maintains, acquires, uses, owns or…
Wyoming seeks to safeguard student info
Trevor Brown reports: After hearing a report that identified numerous security lapses, Wyoming lawmakers are considering a bill that would require school districts to better protect students’ personal information. A legislative committee was briefed Tuesday on a recent state Department of Audit report that found 42 of the state’s 48 school districts had issues related…
Oregon updates and expands data breach statute
Alston & Bird write: Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The…
North Dakota amends data breach notification law
Christin McMeley and Bryan Thompson write: On April 13 North Dakota Governor Jack Dalrymple signed S. 2214 into law, which amended the state’s data breach statute in an attempt to expand the reach of the state’s notification requirements and the range of businesses subject to them. As the law is currently written, North Dakota’s data breach statute…
Nevada expands definition of PI for purposes of the state’s breach and safeguards laws
Morrison & Foerster LLP write: Nevada’s recently amended law will, among other things, create the first state mandate to encrypt online account credentials. Specifically, on May 13, 2015, Nevada Governor Sandoval approved a bill (“AB 179”) to expand the definition of “personal information” for purposes of the state’s security breach notification and personal information safeguards…