On June 16, 2021, the Connecticut General Assembly adopted an expanded version of Connecticut’s data breach notification statute (2021 CT H.B. 5310 (NS)). Through this expansion, Connecticut’s data breach notification statute will be updated, effective Oct. 1, 2021, to (1) broaden the definition of “personal information,” (2) shorten the amount of time within which businesses …
The New York SHIELD Act,[1] officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements …
Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into effect on Sept. 1, 2018.

Disposal of personal identifying information

As previously discussed here (while the bill was in committee), HB18-1128 …
Effective August 1, 2018, House Bill 2154, recently signed by the Arizona governor, will expand the current Arizona data breach notification law. Following the trend of other states, the amended statute expands the definition of “personal information.” The law will now require individual and regulatory notification within 45 days of a breach and will …
On April 18, 2018, the Canadian government published long-awaited Breach of Security Safeguards Regulations specifying the requirements for notifying the Office of the Privacy Commissioner and affected individuals of data breaches that pose a “real risk of significant harm.” The Regulations will come into force on November 1. As we previously reported, the Digital Privacy Act, …
On Aug. 17, 2017, Delaware revamped its existing data breach notification statute. In doing so, Delaware became the second state (joining Connecticut) to mandate offering individuals affected by a breach of security involving Social Security numbers at least one year of complimentary credit monitoring services. The new law takes effect on April 14, 2018, and …
Tennessee amended its data breach notification statute to potentially require notification of a data breach to affected individuals regardless of whether the personal information involved in the security incident was encrypted. On July 1, Tennessee becomes the first state to remove its encryption safe harbor; there is still an ability to perform a risk analysis …
For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional formatting and content requirements for individual notification letters. These amendments impact both companies and agencies and will go into effect on January …
As the number of highly publicized data breaches continues to skyrocket and proposals for a federal data breach notification law stagnate, state legislatures around the country have been busy amending their own breach notification statutes. So far, 2015 has been a banner year for state breach lawmakers, with nine states formalizing amendments to their …
On June 18, 2015, the Canadian Minister of Industry announced that the Digital Privacy Act, which amends Canada’s foundational Personal Information Protection and Electronic Documents Act (PIPEDA), has received royal assent and is now law. Although the Act contains a number of provisions that are likely to impact organizations doing business in Canada, certain key …
BakerHostetler’s inaugural Data Security Incident Response Report offers a wealth of information regarding the causes of data security breaches, the manner in which those incidents are handled, and the legal and regulatory aftermath for affected companies. Among the Report’s interesting takeaways is a rebuttal of the popular assumption that data security incidents are all about …