David Navetta writes: The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information. […] “Breach of the security of the system” means unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security, confidentiality, or integrity of medical information maintained by an individual or…
Category: State/Local
Addition to Washington Breach Law Imposes Retailer Liability in Payment Card Breaches
Under a Washington law effective July 1, 2010, certain entities involved in payment card transactions may be liable to financial institutions for costs associated with reissuing payment cards after security breaches. Designed to encourage the reissuance of payment cards as a means of mitigating harm caused by security breaches, Washington H.B. 1149 applies to three…
Nevada and New Hampshire Data Security and Privacy Laws Take Effect
Hunton & Williams LLP write: On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire. Nevada’s law requires “data collectors,” including government…
Massachusetts Data Security Regulations Final Amendments Released
Tanya Forsheit reports: As we noted earlier this week, Massachusetts indicated late last week it would issue its last round of amendments to its data security regulations scheduled to take effect March 1, 2010, 201 CMR 17.00. The last round of amendments are not particularly significant, although it is worth noting that, contrary to the…
Schwarzenegger vetoes Simitian’s privacy protection bill
Governor Schwarzenegger vetoed State Senator Joe Simitian’s (D-Palo Alto) Senate Bill 20. The bill would have strengthened and updated California’s landmark privacy protection law that requires businesses and state agencies to notify residents when sensitive personal information is lost or stolen from their databases. “I’m surprised as well as disappointed by the Governor’s veto,“ said…
Ohio Officials, Insurers Look to Protect Policyholder Data
Starting Nov. 2, 2009, Ohio regulators and all insurance companies that do business in the state will begin new procedures designed to protect policyholders’ personal information. Insurance companies will be required to report any loss of policyholder information within their possession to the Department of Insurance within 15 days of the discovery that the information…