Tag Archives: Data Breach Notification

Data Breach Notification Law Roundup

Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and … Continue Reading

Nebraska Amends Data Breach Notification Law

Last week, Nebraska Governor Pete Ricketts signed into law LB 835, which makes the following amendments to the state’s data breach notification statute: Adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account. Requires … Continue Reading

Tennessee to Require Breach Notification within 14 Days

Last week, Tennessee Governor Bill Haslam signed into law SB 2005, which makes two amendments to the state’s data breach notification statute – effective July 1, 2016. With these amendments, Tennessee has joined a handful of other states that have strengthened – or are attempting to strengthen – their breach notification statutes in light of … Continue Reading

California Enacts Three Bills Amending Breach Notification Statute

Last week, California Governor Jerry Brown signed into law three bills that revise California’s data breach notification statute. The bills, which take effect January 1, 2016, establish specific formatting requirements for the consumer breach notice letter; define “encrypted”; and create notice, security, and privacy obligations for data captured by automated license plate recognition (ALPR) systems. … Continue Reading

Washington State Amends Data Breach Notification Statute

Last week, the Washington Governor signed into law amendments to the state’s data breach notification statute. Importantly, the amendments, which take effect July 24, 2015, (1) expand the statute to cover breaches of non-computerized data; (2) mandate that businesses notify the Washington Attorney General of a breach affecting more than 500 Washington residents; and (3) … Continue Reading

The Year of the Breach: California Attorney General Releases 2013 Data Breach Report

On Tuesday, the California Attorney General released the second annual data breach report, summarizing the 167 data breaches reported to the Attorney General’s office in 2013, and providing privacy and security recommendations for businesses. According to the report, the retail, finance, and healthcare industries reported over 60 percent of the 167 breaches, over half of … Continue Reading

Florida Overhauls Data Breach Notification Law

Last Friday, Florida enacted a new Information Security Act that repeals the state’s existing data breach notification law and increases companies’ reporting obligations and liability in the event of a data security breach. The new law takes effect July 1, 2014. Likely in response to the recent high-profile breaches, several states have introduced legislation to … Continue Reading

Kentucky Enacts Data Breach Notification Law

Last week, Kentucky enacted a data breach notification law, becoming the 47th state to require notice to consumers in the event of a breach of unencrypted personally identifiable information. The law’s author, Representative Steve Riggs (D-Louisville), stated that he drafted the bill in response to learning that his state was one of only four (including … Continue Reading
LexBlog