Tag Archives: breach notification

Federal Banking Regulators Issue 36-Hour Computer-Security Incident Notification Requirement

As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board of Governors (“Board”) jointly issued a final … Continue Reading

New Year Brings Trio of U.S. Breach Notification Amendments

By Andreas Kaltsounis on January 7, 2020 Posted in Breach Notification

Along with the California Consumer Privacy Act, the new year brought us a trio of updated breach notification laws, in Oregon, Texas and Illinois. The Oregon law is of the most interest because it is the first to require that vendors notify the state’s attorney general of breaches in some cases. It also requires a … Continue Reading

Maryland Insurance Administration Issues Breach Notification Bulletin

By Patrick H. Haggerty on September 4, 2019 Posted in Breach Notification

On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed general agents and third-party administrators of a new security breach reporting requirement to the Compliance & Enforcement Unit at the MIA. Effective Oct. … Continue Reading

Australia’s New Breach Notification Law Set to Take Effect February 2018

By Melinda L. McLellan and Emily R. Fedeles on March 7, 2017 Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, International Privacy Law

On February 13, 2017, the Australian Senate passed a bill establishing a mandatory requirement to notify the Privacy Commissioner and affected individuals of “eligible” data breaches. The Privacy Amendment (Notifiable Data Breaches) Act 2016, which was passed by the House of Representatives the previous week, amends Australia’s Privacy Act 1988 and is slated to take … Continue Reading

Tennessee Revamps Its State Data Breach Notification Statute

By David M. Brown on April 1, 2016 Posted in Data Breach Notification Laws

Tennessee amended its data breach notification statute to potentially require notification of a data breach to affected individuals regardless of whether the personal information involved in the security incident was encrypted. On July 1, Tennessee becomes the first state to remove its encryption safe harbor; there is still an ability to perform a risk analysis … Continue Reading

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

By Theodore J. Kobus III on September 15, 2015 Posted in Breach Notification, Data Breach Notification Laws, Incident Response

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident. Washington’s new law, which went into effect on July 24, includes a 45-day deadline for notification but goes further to allow for … Continue Reading

State Law Roundup: Legislatures Across the U.S. Revamp Data Breach Notification Laws

By M. Scott Koller, Melinda L. McLellan and Jenna N. Felz on July 27, 2015 Posted in Breach Notification, Data Breach Notification Laws, State Legislation

As the number of highly publicized data breaches continues to skyrocket and proposals for a federal data breach notification law stagnate, state legislatures around the country have been busy amending their own breach notification statutes. So far, 2015 has been a banner year for state breach law makers, with nine states formalizing amendments to their … Continue Reading

2015 BakerHostetler Incident Response Report Shows One in Five Breaches Involved Paper Records

By Melinda L. McLellan on June 1, 2015 Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Incident Response

BakerHostetler’s inaugural Data Security Incident Response Report offers a wealth of information regarding the causes of data security breaches, the manner in which those incidents are handled, and the legal and regulatory aftermath for affected companies. Among the Report’s interesting takeaways is a rebuttal of the popular assumption that data security incidents are all about … Continue Reading

What’s on the Horizon in the Golden State?

By Tanya Forsheit on December 16, 2014 Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy

As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking … Continue Reading

North Dakota Breach Notification Law – Personal Information Includes Health Information

By Kimberly M. Wong on September 29, 2013 Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, HIPAA/HITECH, Medical Privacy, State Legislation

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and health insurance information.” Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, … Continue Reading

France’s New Breach Notification Requirements

By Maryanne Stanganelli on June 5, 2012 Posted in Breach Notification, Data Breach Notification Laws, International Privacy Law

On May 28, 2012, the French data protection regulator (CNIL) released new guidance on breach notification laws. The guidance regards a 2011 ordinance that recently came into force on April 1. Among other things, the ordinance amends existing French data protection law (Law on Information Technology and Liberties (78-17 of 1978)) to reflect the EU … Continue Reading

California Strengthens Breach Notification Requirements

By Lynn Sessions on September 2, 2011 Posted in Breach Notification

This week California Governor Jerry Brown signed into law a new California data breach statute that strengthens notification requirements for residents of California. California currently has some of the most prolific and detailed consumer protection oriented laws impacting privacy and breach protection in the country. The current law requires that any entity that owns or … Continue Reading

SAFE Data Act Approved by House Subcommittee

By Craig A. Hoffman on July 21, 2011 Posted in Data Breach Notification Laws, Federal Legislation

The House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Mary Bono Mack (CA), approved the Secure and Fortify Electronic Data Act (H.R. 2577) (SAFE Data Act) following lengthy debate on July 20, 2011. The SAFE Data Act contains information security requirements and breach notice obligations consistent with Rep. Bono Mack’s statements following the … Continue Reading