Susan Palmer reports: An obscure state regulation — one that requires districts to keep student records for decades — is one reason several thousand Eugene School District students are at risk of having their Social Security numbers hijacked following a security breach of the district’s electronic records. School districts must retain student records for 75…
Category: State/Local
Vermont Updates Data Breach Notification Law
Cynthia Larose and Amy Malone describe recent changes to Vermont’s law that strengthens some consumer protections: Effective as of May 8, 2012, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must…
OH: Legislation proposal would require online security breaches to be reported
Jim Siegel reports that Rep. John Patrick Carney is planning to introduce a law requiring state agencies, businesses, and institutions to report any database security breach to the Ohio attorney general’s office if any Ohio resident’s personal information was accessed. Notification would have to be made within 40 days of discovery of a breach. Ohio…
NJ assembly passes bill requiring information stored on copy machines, scanner be deleted
In an effort to combat identity theft, a bill that would require information stored on copier machines and scanners used by consumers be wiped clean has passed the New Jersey Assembly. Democrats Paul Moriarty, Herb Conaway, M.D., and Dan Benson sponsored to combat identity theft by requiring the hard drives of all digital copy machines…
Maryland legislature passes law to help prevent child identity theft
Maryland lawmakers have approved a first-of-its-kind measure to enable parents to protect their children from having their credit damaged by identity theft. The measure, which a spokeswoman for Gov. Martin O’Malley says he is likely to sign, will allow parents to take the step of freezing their child’s credit at any time. Read more from…
Final phase of Mass. data protection law kicks in March 1
Jaikumar Vijayan reports: All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010. The law (download PDF) is designed to ensure that companies holding data…