Collaborate Disseminate
WHTM reports: Pennsylvania Senator Kristin Phillips, who chairs the technology committee, held a hearing on June 7 about a proposal to require prompt disclosure whenever there is a data breach within the state government. In her opinion, the state shou… Continue reading Pennsylvania lawmakers consider requiring government data breach notifications
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to … Continue reading California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
James Bogan III of Kilpatrick Townsend & Stockton LLP writes: Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on a… Continue reading Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this cas… Continue reading Mint gets data breach claims dismissed
Hunton Andrews Kurth writes: In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed … Continue reading Two States Enact Insurance Data Security Laws
Hunton Andrews Kurth writes: On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as … Continue reading North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
On March 18, 2022, Indiana Governor Eric Holcomb signed into law an amendment to Indiana’s data breach notification statute. The amendment requires notification of a data breach to affected individuals and the Indiana Attorney General without unreasona… Continue reading Indiana Amends State Data Breach Notification Law
Antonia Noori Farzan reports: Lawmakers say that last year’s breach of Rhode Island Public Transit Authority computer systems highlighted glaring problems with the way the state responds to the theft of people’s personal data. […] DiP… Continue reading Rattled by RIPTA breach that affected 22,000, lawmakers propose policy changes
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifi… Continue reading Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Deborah George of Robinson & Cole writes: California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enact… Continue reading At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws?