David Smyth of Brooks, Pierce, McLendon, Humphrey & Leonard, LLP writes: When I was at the SEC and online broker-dealers’ customers were the victims of hacking incidents, I used to wonder, why don’t the broker-dealers require multi-factor authentication to gain access to accounts? It was a silly question. I knew the answer. Multi-factor authentication is a pain and…
Category: State/Local
Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor
Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…
Say What? Required contents of notice in data breach notifications
Fer O’Neil did some comparisons of state laws on the content of notices. His write-up of what he found is well worth reading. Here’s a snippet from it: The first metric I looked at was the number of states and territories that had some required content of notice. I was a little surprised that 63% (31…
Wyoming Senate committee tackles data privacy bills
Wow. The Wyoming Senate has really been busy considering a number of data breach and privacy bills. James Chilton reports: Legislators began discussing Thursday two bills designed to force businesses affected by data breaches to inform consumers and respond in specific ways. Senate Files 35 and 36 aim to create new, 21st century definitions of…
NY: A.G. Schneiderman Proposes Bill To Strengthen Data Security Laws, Protect Consumers From Growing Threat Of Data Breaches
From the now-we’re-talking-sense dept.: NEW YORK—Attorney General Eric T. Schneiderman announced today that he would propose legislation in Albany to overhaul New York State’s data security law and require new and unprecedented safeguards for the personal data of consumers. Currently, New York State does not have a law directly requiring entities to institute data security…