Tanya Forsheit and M. Scott Koller of BakerHostetler have a good write-up of the new provisions in California law and how the language of AB 1710 has led to some confusion as to whether California now requires breached entities to offer free credit monitoring protection for 12 months if certain types of personal information are…
Category: State/Local
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
Delaware Joins List of States Regulating Data Disposal
Jason C. Gavejian writes: On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information. The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. Delaware also enacted a companion bill, H.B. 295, in July which imposed the…
Delaware Adopts Law Requiring the Destruction of Consumers’ Personally Identifiable Information.
Steven Caponi and Elizabeth Sloan of Blank Rome LLP write: On July 1, 2014, Delaware Governor Jack Markell signed into law Delaware House Bill 295, which amends Section 6 of the Delaware Code relating to trade and commerce. The new law, 6 Delaware Code §§50C-101 thru 50C-401, places new obligations on commercial entities with respect…
Some comments on the Florida Information Protection Act of 2014
The Florida Information Protection Act of 2014 was approved by Governor Rick Scott on June 20. It has some commendable features (not all of which are new under Florida law), but I also spot some concerns. On a positive note: 1. It uses an access trigger instead of an acquisition trigger for notification. 2. It now…
Los Angeles County moves to require computer encryption after medical data breach
Abby Sewell reports: Following a break-in at a county health contractor’s office that led to the theft of computers containing personal information about more than 342,000 patients, Los Angeles County supervisors moved to tighten protocols for protecting data. The county already requires that workers’ laptops be encrypted. The supervisors voted Tuesday to extend that policy…