Joe Lazzarotti of Jackson Lewis writes: It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and or state agencies where appropriate and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically…
Category: State/Local
Nevada Gaming Commission Adopts Cybersecurity Regulations
Joseph Lazzarotti of JacksonLewis writes: On December 22, 2022, the Nevada Gaming Commission (NGC) adopted regulations creating new cybersecurity requirements for certain gaming operators. This action joins agencies in other jurisdictions moving quickly to protect consumers and their personal information in the gaming industry. The NGC adopted the October 17, 2022 version of the regulations, which become effective January…
PA: Media’s reporting on breach led to new state data breach law
Rick Earle reports: An exclusive Target 11 investigation into a massive data breach last year has led to a new state law meant to protect every citizen of the Commonwealth. Target 11 Investigator Rick Earle broke the story of that data breach last April and now because of his reporting, state lawmakers passed legislation requiring timely notification of…
New South Wales gets first state-based data breach notice scheme
Justin Hendry reports: New South Wales will have Australia’s first mandatory data breach notification scheme for public sector entities in place within a year after state government legislation passed Parliament. The Privacy and Personal Information Protection Amendment Bill underpinning the long-promised regime sailed through the Legislative Council last night without amendment, having passed the Legislative Assembly…
NY: DFS Superintendent Adrienne A. Harris Announces Updated Cybersecurity Regulation
Amends First-In-The-Nation Cybersecurity Regulation Created in 2017 in Response to Increasingly Sophisticated Technologies and Threats The Department Seeks Comments on the Proposed Regulation During the Next 60 Days Superintendent of Financial Services Adrienne A. Harris announced today that the New York State Department of Financial Services (DFS) proposed an updated cybersecurity regulation. DFS’s original regulation, which…
Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of obstructing a Federal Trade Commission investigation and “misprision of felony” for failing to disclose a 2016 data breach. They then discuss issues for in-house counsel that the case raises, beginning with: Action…