Welcome to the Future!
What? SB 2373 (2019 | TX)
What legal challenges would be allowed? Deceptive Trade Practices Act challenges
What does this mean? Know those press releases from the Attorney General Office about how much its collected in fines (hint: it is A LOT). Yes, it means business fines.
California’s SB 561 (CA | 2019) would allow individuals to bring suit against a company for a data breach that includes their personal information.
The caveat: companies would have to have failed to provide reasonable security precautions.
Insurance Journal | California Bills Would Add More Punch to Consumer Data Protection Law
Georgia uses exclusively paperless ballots. The November 2018 election produced high numbers of people not voting for Lt. Governor.
A lawsuit seeks to invalidate that race due to the low voting numbers in that specific race and calling for forensic examination of the electronic voting machines.
Jail time is being added to the list of potential penalties in data breaches. Under the proposal the FTC could impose fines on companies and could also impose criminal penalties on executives.
The impetus for this bill? Facebook
Government Technology | Oregon’s Wyden Pitches Jail Time for Breaches
Pennsylvania Supreme Court rules that all employers must exercise reasonable care to protect worker data.
How did they get there? A health care provider employee data breach led to a lawsuit. Lower courts sided with the employer that there was no data security requirements for employee records. The PA Supreme Court disagreed.
Pittsburg Post Gazette | PA Supreme Court rules UPMC — and all employers — must protect workers’ data. Doing so is harder
Los Angeles City Attorney filed suit against the Weather Channel App for not properly disclosing that the app retains user location data.
Where would I see this in legislation? in fraud, deceptive trade practices, competititve practices, cybersecurity bills that protect geolocation
Engadget | LA sues Weather Channel app owner over ‘fraudulent’ data use
Ohio was the first state to create a safe harbor for business in its 2018 cybersecurity legislation. SB220 (OH | 2018)
How did Ohio craft its liability protection for businesses? A business has to do 1 of these:
(1) Create, maintain, and comply with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to an industry recognized cybersecurity framework, as described in…
According to lawyers wirting in the Harvard Business Review, a data security regulatory system should:
Is this bipartisan? Yes, Sen. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H.
What’s the bill called? The Public-Private Cybersecurity Cooperation Act
What would it do? Creates a vulnerability disclosure program, crafted by the Department of Homeland Securty, to allow hackers to report problems to the proper authorities without being prosecuted
NextGov | Senators Introduce Bill to Let Hackers Reports Bugs to DHS
Texas Attorney General Office | AG Paxton Begins Investigation Into Marriott Data Breach…