Collaborate Disseminate
Caleb Skeath and Brooke Kahn of Covington & Burling provide a useful recap of changes in 2018 that will impact us in 2019: …. Following up on our global year-end review of major privacy and cybersecurity developments, we’ve summarized the maj… Continue reading State Data Breach Notification Laws: 2018 in Review
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follo… Continue reading US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowin… Continue reading US Breach Laws Are Coming: Vermont
Kiss that 60-days to notify patients HIPAA bit goodbye if you’re doing business in Colorado. Julie A. Sullivan and Loreli Wright of Greenberg Traurig, LLP write: Passed during the 2018 state legislative session, House Bill 18-1128 went into effec… Continue reading Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev…. Continue reading Another State Data Security Law: Ohio Gets in on the Action
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Prev… Continue reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
I’m really going to miss California when it falls off into the Pacific some day. Zack Whittaker reports: Good news! California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer el… Continue reading California passes law that bans default passwords in connected devices
Akin Gump Strauss Hauer & Feld LLP write: The California Consumer Privacy Act (CCPA), the nation’s broadest privacy protection statute, was enacted by the California Legislature in June 2018 as part of a last-minute deal to stop a proposed statewid… Continue reading The Significance to Businesses of the California Legislature’s Last-Minute Revisions to the 2018 California Consumer Privacy Act
Craig A. Newman of Patterson Belknap writes: By today, financial institutions are required to meet their next deadline for compliance with New York’s cybersecurity law. The regulation – enacted in March 2017 –includes a series of rolling deadlines that… Continue reading NY Cyber Law Hits 3rd Deadline: Toughest Yet to Come
From Hunton Andrews Kurth: On August 3, 2018, California-based Unixiz Inc.(“Unixiz”) agreed to shut downits “i-Dressup” website pursuant to a consent order with the New Jersey Attorney General, which the company entered into to settle charges that it v… Continue reading Unixiz Agrees to Shutter “i-Dressup” Site and Pay Penalty to Settle Charges Under COPPA and the New Jersey Consumer Fraud Act