So I’ve just read the proposed legislation for revising Washington State’s data breach notification law (see the WA AG’s press release on the proposal here). A few comments/observations on the bill: 1. The bill eliminates the word “computerized” before “data,” thereby seemingly expanding the data breach notification requirements to paper records or other formats. That…
Category: State/Local
IN: AG Zoeller, Sen. Merritt propose legislation to protect Hoosiers from identity theft, data breaches
Press release: In response to growing concerns about online privacy and data protection, Indiana Attorney General Greg Zoeller today announced a legislative proposal to provide greater safeguards of Hoosiers’ personal and financial information online. Zoeller’s proposal has three main components aimed at providing stricter requirements for the safe storage of sensitive data, reducing harm to…
NJ & NY Propose Amendments To Data Breach Laws
Jason C. Gavejian and Marlo Johnson Roebuck write: The New Jersey Assembly on December 15 unanimously approved, by a vote of 75-0, a bill designed to better protect consumers from identify theft. Bill A3146, if approved by the Senate, would expand the state’s law to include disclosure of a breach of security of online accounts. […]…
California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?
Tanya Forsheit and M. Scott Koller of BakerHostetler have a good write-up of the new provisions in California law and how the language of AB 1710 has led to some confusion as to whether California now requires breached entities to offer free credit monitoring protection for 12 months if certain types of personal information are…
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
Delaware Joins List of States Regulating Data Disposal
Jason C. Gavejian writes: On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information. The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. Delaware also enacted a companion bill, H.B. 295, in July which imposed the…