Understanding the California Consumer Privacy Act (CCPA): Part One

In 2020, California Consumers will be granted new online privacy protections under a first-of-its-kind California law. A sweeping new privacy law — the California Consumer Privacy Act of 2018 (CCPA) is the nation’s toughest privacy law and could serve as a model for other states. The bill came to a vote in both houses on June 28, 2018. The assembly voted 69-0 to approve it shortly after the Senate approved it 36-0 , and was signed by Gov. Jerry Brown the same day. The CCPA…
Continue reading...

Firewall’s Up: South Carolina Passes First-of-its-Kind Insurance Data Security Act

South Carolina recently became the first state to pass legislation modeled closely on the Insurance Data Security Model Law that was approved by the National Association of Insurance Commissioners (NAIC) last October. Amid the rising incidence of cyberattacks, cyber security is a key issue facing the insurance sector. South Carolina has taken a proactive step in protecting their business and customers from possible data breaches. The South Carolina Department of Insurance (SCDOI) Data Security Act, signed by the Governor on May 3, 2018, will become…
Continue reading...

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence…
Continue reading...

New York’s New Cyber Law Is Beginning to Byte

In late 2016, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (DFS) proposed cybersecurity regulations to “promote the protection of customer information and information technology systems of regulated entities.” The DFS defined “covered entities” as any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York.  Banks, insurance companies, and…
Continue reading...

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing…
Continue reading...

CISA Passes as Part of Omnibus Spending Bill

Congress recently passed the Cybersecurity Information Sharing Act of 2015 (CISA) as part of Division N of H.R. 2029, Public Law 114-113 the Consolidated Appropriations Act, 2016, (CAA). As previously reported, on October 27, 2015 the United States Senate passed a different version of CISA, S.754, which without requiring such information sharing, would create a system for federal, state and local agencies to receive threat information from private companies in real time and for the private sector to receive such information in addition and as…
Continue reading...

Controversial Cybersecurity Information Sharing Act Passes Senate, Will Likely Become Law

On October 27, 2015, the United States Senate passed S.754, the Cybersecurity Information Sharing Act (CISA or the Act) 74-21. Without requiring such information sharing, CISA would create a system for federal agencies to receive threat information from private companies in real time. However, the bill is not without controversy. As we discussed in August the Department of Homeland Security raised concerns in July and August that the “real time collaboration” requirement in CISA would not permit them to scrub personal information…
Continue reading...

DHS – “Privacy Problems with CISA”

The Senate is expected to begin debate this week on S.754, the Cybersecurity Information Sharing Act (CISA) and at least one government agency is raising privacy and civil liberties concerns with respect to this legislation. Specifically, the Department of Homeland Security (DHS) is concerned that the desire to share information in real time could prevent it from scrubbing the data to erase personal identifiable information or other private information contained in the data. The primary purpose of CISA is to encourage the sharing of cyber…
Continue reading...

Federal Cyber Legislation – Hurry Up and Wait

Despite the increasing number of data breaches, legislation to address this issue at the Federal level is at a standstill (or close to it). As has been noted in a variety of venues, currently, there is no comprehensive federal law to deal with data breaches. The federal law that does exist is centered on privacy issues for specific industries, e.g., Health Information Portability and Accountability Act (HIPAA) for health information and the Gramm-Leach Bliley Act (GLB) for financial information. While most states and the…
Continue reading...

New Federal Cybersecurity Legislation and Regulations Proposed in Washington DC

This week, new legislation and regulations have been proposed to address cybersecurity concerns in new automobiles and the nation’s Bulk Electric System. On Tuesday, Senators Edward J. Markey (MA) and Richard Blumenthal (CT) introduced new legislation to address the hacking risks associated with “connected vehicles.”  The Security and Privacy in Your Car Act of 2015 would mandate that sensitive software systems be isolated and additional safeguards be added “to protect consumers from security and privacy threats to their motor vehicles”.  The legislation followed a 2014…
Continue reading...