2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
Vermont recently amended its data breach notification law. The changes will go into effect July 1, 2020. As amended, the definition of “personal information” now includes the following when combined with a consumer’s first...more
Governor Gavin Newsom just signed into law two amendments to the California Consumer Privacy Act (CCPA) that will have a direct impact on employers doing business in the state. The new amendments, signed on October 11, 2019...more
Illinois has updated its breach notice law to require, effective January 1, 2020, notice to the Illinois Attorney General of a data breach involving more than 500 Illinois residents. The law contains specific requirements...more
Maryland has amended its breach notification law to require businesses that maintain data, not just those that own or license the data, to conduct “a reasonable and prompt investigation” into whether personal information has...more
A few weeks ago, Texas signed into law an amendment to its data breach law, capping off a busy first half of 2019 for state lawmakers in this arena. As we gear up for the second half of 2019, we thought a recap was...more
Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state...more
On April 30, 2019, Maryland governor Larry Hogan approved a series of amendments to the Maryland Personal Information Protection Act. The amendments, effective October 1, 2019, impact data breach obligations imposed on...more
Washington joins Massachusetts as the second state this year to amend its data breach notification law. The amendments will not take effect, however, until March 1, 2020. As amended, the definition of personal information has...more
On April 16, 2019, Representatives Saine, Jones and Reives introduced House Bill 904, the long anticipated amendments to the North Carolina Identity Theft Protection Act, N.C. Gen. Stat. § 75-61 et seq.. We first wrote about...more
On Thursday, April 11, 2019, Massachusetts' revisions to its data breach notification law came into effect with significant changes to how a company handling residents’ personal information must respond to a data breach....more
An amendment to New Jersey’s data breach notification requirements of the Consumer Fraud Act is currently awaiting signature by State Governor Phil Murphy. The bill, Assembly No. 3245, was recently passed by both the New...more
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
The Governor of Massachusetts has just signed into law amendments to the state’s data breach notification law. The amendments will go into effect April 11, 2019. Under the amended law, companies whose breaches involve Social...more
This spring has brought a particularly active round of revisions to state data breach notification laws. Most notably, as of July 1, 2018, every state will have a breach notification law. Alabama and South Dakota both passed...more
Continuing a trend in the last few years, in 2017, eight states amended their security breach notification laws to expand definitions of “personal information”, specify the timeframe in which notification must be provided,...more
On August 17, 2017, Delaware amended its personal information protection law, Delaware Code Title 6, Chapter 12B. The amendment becomes effective 240 days after enactment or March 14, 2018. The amended law significantly...more
After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz...more
Following on the heels of an active 2015, where eight states enacted changes to their data breach notification laws, another five states amended their statutes in 2016, adding complexity to the current “patchwork” system of...more
On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been...more
Removes the Encryption Safe Harbor, Limits the Timing of Notice, and Expands “Unauthorized Persons” - Effective July 1, 2016, Tennessee becomes the first state to remove the encryption safe harbor from its data breach...more