Litigation and legal developments concerning data breaches.
Hunton Andrews Kurth writes: On October 8, 2023 and October 10, 2023, California Governor Gavin Newsom signed A.B. 947, A.B. 1194, S.B. 362 and S.B. 244 into law. A.B. 947 amends the California Consumer Privacy Act of 2018’s (“CCPA”) definition of “sensitive personal information” to include personal information that reveals a consumer’s “citizenship or immigration status,” while A.B. 1194 amends the […]
Don Nokes of NetCenergy, an outsourced IT service provider, explains the emerging threat and provides this example: Once the bad actors learn (possibly from first hacking a firm’s email) that a financial transaction is taking place, they send an AI-generated voice message to confirm where to send the funds. The fund transferer hears the familiar […]
In October 2023, Perkins & Coie published an update to existing federal breach notification laws. They write: Following last year’s passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) (rulemaking for which should formally commence in 2024), the major action on the federal front this year came from the SEC, which formalized disclosure […]
In October 2023, Perkins & Coie published an update to state laws for data security requirements: In addition to revisions to breach notification statutes, states are making a variety of changes to substantive data security obligations. Changes applicable to private companies include: For details on the above, see the Perkins & Coie article on their […]
In October 2023, Perkins Coie published an update to existing state breach notification laws. Pennsylvania The first major update to Pennsylvania’s Breach of Personal Information Notification Act was passed earlier this year. The updates include a range of changes consistent with those adopted in other states in the last several years, so these updates are unlikely […]
As seen on Bloomberg Law: A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises. Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the […]
From a recent article on Reuters: Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it happened, and who (e.g., clients, consumers, vendors, employees) was affected. They will also need to chart […]
Attorney-General and Minister for Justice and Minister for the Prevention of Domestic and Family Violence The Honourable Yvette D’Ath issued the following statement: The Palaszczuk Government has today introduced legislation to establish a mandatory data breach notification scheme in Queensland, as recommended by the Coaldrake Review. The Information Privacy and Other Legislation Amendment Bill 2023 implements […]
The state Senate today approved bipartisan legislation sponsored by Sen. Tracy Pennycuick (R-24) to strengthen notification requirements for data breaches and provide affected citizens with free credit monitoring and a credit report. Senate Bill 824, introduced with Sen. Jimmy Dillon (D-5), would provide citizens affected by a data breach a free credit report and a year of […]
The law firm of Hogan Lovells has an article about FDA’s finalized guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” They note: FDA’s new final guidance replaces the April 2022 draft guidance of the same name, which we analyzed online here, and it also supersedes FDA’s 2014 final guidance “Content of Premarket Submissions for Management […]
