On May 29, 2018, Governor Hickenlooper signed HB—1128 into law. Importantly, the Bill amends the State’s data breach notification law to require that affected Colorado residents be notified within 30 days of a data breach, and specifies the information that must be included in the data breach notice. The new law, which takes effect September 1, 2018, applies to “covered entities,” (if your business maintains, owns, or licenses information of Colorado residents, regardless of where the business or data is based, it is a “covered entity”), also sets forth certain data security requirements, and adds requirements regarding the disposal of personal identifying information.
A bi-partisan privacy and data security bill, which will significantly impact companies with North Carolina employees, is in the works. North Carolina State Representative Jason Saine (R), Appropriations Chairman of Information Technology, has joined with North Carolina Attorney General Josh Stein (D) to strengthen protections against identity theft in North Carolina. The unique pair are co-authoring a bill titled, “The Act to Strengthen Identity Theft Protections” (the “Bill”). Through the Bill, the authors desire to provide stronger protections, while at the same time avoid hampering innovation in the private sector.
No! It is a common misconception among the general public that someone always has to pay when there is a data breach. It is understandable that individuals affected by a data breach will be upset, distraught, and even angry. In light of recent large-scale data breaches, it is safe to say we have all been there, with our personal information that we entrusted to particular companies or employers now out there in the hands of cyber thieves.
Citing a sixty percent increase in data breach notifications from 2015 to 2016, New York Attorney General Eric Schneiderman recently introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill. The legislation would require companies that handle sensitive date of New York residents to adopt “reasonable administrative, technical and physical protections for data.”