- Ohio’s law doesn’t require action by businesses
- Ohio’s law incentives actions by businesses, by providing for liability protection
Tech Target | State data privacy laws, regulations changing CISO priorities
Welcome to the Future!
Tech Target | State data privacy laws, regulations changing CISO priorities
Who: Defending Digital Campaigns, the nonprofit spinoff of a Harvard cybersecurity project
What: FEC is considering allow campigns to get free cybersecurity help
Why? Elizabeth Warren, Kamala Harris are disclosing funds spent on cybersecurity and the retention of cybersecurity experts
The catch: the nonprofit is founded by Hillary Clinton’s campaign manager
Slate | This Nonprofit Wants to Offer Political Campaigns Free Help With Cybersecurity
State: Massachusetts
Legislation: H 4806 (2018 |MA)
What did Massachusetts enact?
Leominster Champion | Governor Signs Bill to Enhance Credit Data Security
What? SB 2373 (2019 | TX)
What legal challenges would be allowed? Deceptive Trade Practices Act challenges
What does this mean? Know those press releases from the Attorney General Office about how much its collected in fines (hint: it is A LOT). Yes, it means business fines.
Where: Georgia
The legislation: HB 392 (2019 | GA)
What would this bill require:
Atlanta Journal Constitution | New safeguards for Georgia election security await Kemp’s signature
The city: San Francisco
The proposal:
How many other cities have done this? none
Opponents: law enforcement
The policy goal: ““The propensity for facial recognition technology to endanger civil rights and civil liberties substantially outweighs its purported benefits,”
Government Technology | Will San Francisco Ban Facial Recognition Technology?
State: Nevada
The legislation: SB 195 (2019 | NV)
Why did SB 195 die a legislative death?
Read an opposition letter from the cryptocurrency industry.
CoinGeek | Nevada lawmakers scrap controversial Bitcoin bill
State: Oregon
The legislation: House Bill 2395 (2019 |OR)
What would HB 2395 require?
Why? So that a hacker could access only 1 device in 1 hack.
Oregonian | Oregon House passes bill requiring security for online devices
What do I need to know about data minimization? It means that companies shouldn’t collect personal data “beyond what is adequate, relevant and necessary” for the product or service.
What’s an example? Your takeaway driver doesn’t need access to your photo library to scan your credit card
NextGov | Inside One Lawmaker’s Proposal for a Privacy Bill of Rights
North Carolina: the 1st State to pass the model legislation imposed the 72-hour notice requirement in the model.
Michigan: opted for a 10 day notice requirement
Ohio: allows licensees that have certain cybersecurity programs to use an affirmative defense against tort claims
Bloomberg | States Imposing New Cybersecurity Requirements on Insurers