Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only…
Continue reading...

Congress Passes Bill to turn Cybersecurity Wing of Department of Homeland Security into Fully-fledged Agency

On November 13, the U.S. House of Representatives voted unanimously to pass bipartisan legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The CISA Act (H.R. 3359), first introduced in July, 2017, passed the Senate in October. It will “reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security,” according to a statement released by DHS. The new agency…
Continue reading...

The End of the Password: The Future of Company Security

At Microsoft Ignite 2018, an annual conference for developers and IT professionals, heavily emphasized its system’s security improvements. In the spotlight, Microsoft focused on its movement away from a password usage system through the Authenticator app. The Microsoft Authenticator app works by utilizing an addition factor, such as a fingerprint, PIN, or facial biometric, allowing administrators to default to the Microsoft Authenticator app first, rather than asking for a password. During the conference, Microsoft indicated that passwords are a “short-term game” as most security…
Continue reading...

Congress Continues to Grapple with Election Interference

The Secure Elections Act may be back on the table once again. The bipartisan bill was introduced “to protect the administration of Federal elections against cybersecurity Threats.” In large part, the bill was intended to combat concerns that Russia and other state and private actors could exploit vulnerabilities in backend election systems, including voter registration databases, ballot creation systems, voting machine configuration systems, absentee processing and reporting and tabulation software. The bill’s sponsors hope to pass a version of the bill in time to…
Continue reading...

Understanding the California Consumer Privacy Act (CCPA): Part Two

The California Consumer Privacy Act of 2018 (CCPA) signed into law on June 28, 2018 is the nation’s toughest privacy law to date and could serve as a model for other states.With 18 months to go before its implementation, many things could happen prior to its effective date to change its current form and anticipated effect.  But before contemplating any changes, it’s important to understand its present form. Who Is Regulated by the CCPA The CCPA will regulate “Businesses,” defined as for-profit entities that have…
Continue reading...

Understanding the California Consumer Privacy Act (CCPA): Part One

In 2020, California Consumers will be granted new online privacy protections under a first-of-its-kind California law. A sweeping new privacy law — the California Consumer Privacy Act of 2018 (CCPA) is the nation’s toughest privacy law and could serve as a model for other states. The bill came to a vote in both houses on June 28, 2018. The assembly voted 69-0 to approve it shortly after the Senate approved it 36-0 , and was signed by Gov. Jerry Brown the same day. The CCPA…
Continue reading...

Firewall’s Up: South Carolina Passes First-of-its-Kind Insurance Data Security Act

South Carolina recently became the first state to pass legislation modeled closely on the Insurance Data Security Model Law that was approved by the National Association of Insurance Commissioners (NAIC) last October. Amid the rising incidence of cyberattacks, cyber security is a key issue facing the insurance sector. South Carolina has taken a proactive step in protecting their business and customers from possible data breaches. The South Carolina Department of Insurance (SCDOI) Data Security Act, signed by the Governor on May 3, 2018, will become…
Continue reading...

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence…
Continue reading...

New York’s New Cyber Law Is Beginning to Byte

In late 2016, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (DFS) proposed cybersecurity regulations to “promote the protection of customer information and information technology systems of regulated entities.” The DFS defined “covered entities” as any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York.  Banks, insurance companies, and…
Continue reading...

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing…
Continue reading...