Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
Category: State/Local
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…
Say What? Required contents of notice in data breach notifications
Fer O’Neil did some comparisons of state laws on the content of notices. His write-up of what he found is well worth reading. Here’s a snippet from it: The first metric I looked at was the number of states and territories that had some required content of notice. I was a little surprised that 63% (31…
Wyoming Senate committee tackles data privacy bills
Wow. The Wyoming Senate has really been busy considering a number of data breach and privacy bills. James Chilton reports: Legislators began discussing Thursday two bills designed to force businesses affected by data breaches to inform consumers and respond in specific ways. Senate Files 35 and 36 aim to create new, 21st century definitions of…
NY: A.G. Schneiderman Proposes Bill To Strengthen Data Security Laws, Protect Consumers From Growing Threat Of Data Breaches
From the now-we’re-talking-sense dept.: NEW YORK—Attorney General Eric T. Schneiderman announced today that he would propose legislation in Albany to overhaul New York State’s data security law and require new and unprecedented safeguards for the personal data of consumers. Currently, New York State does not have a law directly requiring entities to institute data security…
Proposed data breach bill in Washington State: comments
So I’ve just read the proposed legislation for revising Washington State’s data breach notification law (see the WA AG’s press release on the proposal here). A few comments/observations on the bill: 1. The bill eliminates the word “computerized” before “data,” thereby seemingly expanding the data breach notification requirements to paper records or other formats. That…