Anatomy of a Data Breach Law in New Jersey

What additional information is protected:

  • user name
  • email address
  • any other account holder identifying information
  • the above, in combination with any password or security question and answer that would permit access to an online account

Can notice be given to a consumer electronically? Yes, unless it was the account that was breached

The bill: A-3245 (2019 | NJ)

National Law Review | New Jersey’s Data Breach Notification Amendment Signed into Law 

Inside NJ | Caputo & Murphy Bill Requiring…

Anatomy of a Data Security Bill in North Carolina

The legislation: HB 904 (2019 | NC)

How does it impact businesses: Creates a duty on businesses to maintain reasonable security procedures and practices

Notification time frame: 15 days

Free credit freezes, thaws and monitoring? Yes, yes and yes

Consent: Requires consent to access a consumer's credit report

NC Attorney General Talking Points on HB 904 

Regulatory TREND. Anatomy of an Attorney General Investigation into a Healthcare Data Breach.

What type of healthcare data breach? electronic health information was exposed online 

How did it happen? a misconfigured web setting

What went wrong with notification that caught the Michigan Attorney General’s attention? Patients were receiving notifications addressed to other patients and contacted the Attorney General

Health IT Security | Michigan Attorney General Looking into Inmediata Breach, Mailing Error 

Lege TREND. Tech Rich State. Yes to Data Breach Bill. No to Data Privacy Bill.

State: Washington

The bills that succeeded: HB 1071 (2019 | WA)

What does the data breach bill do?

  • 30 days to notify the state Attorney General and consumers (down from the current 45 days)
  • What information triggers a breach notification?
    • Social Security numbers
    • driver’s license numbers
    • state ID numbers
    • financial account information
    • full birth dates
    • health insurance ID numbers
    • medical histories
    • student ID numbers
    • military ID numbers
    • passport ID numbers
    • username-password…

Lege TREND. Revisiting How one State Responded to Equifax Breach

State: Massachusetts

Legislation: H 4806 (2018 | MA)

What did Massachusetts enact?

  • consumer consent before any third party can obtain the consumer’s credit report
  • free credit freezes and thaws
  • entities that have suffered a data breach have enhanced reporting requirements
  • free credit monitoring to affected consumers

Leominster Champion | Governor Signs Bill to Enhance Credit Data Security

Lege TREND. + 1 Expansion of what triggers notification on a data breach

A new proposal from the D.C. Attorney General would add the following to the list of information that would trigger notification in a data breach:

  • passport numbers
  • military IDs
  • biometric data
  • health information
  • taxpayer identification numbers
  • health insurance info
  • genetic information
  • DNA profiles

Security Week | D.C. Attorney General Introduces New Data Security Bill 

Lege TREND. Parsing a Legislative Fight over Notification of Data Breaches in 4 Easy Steps.

Debate over Michigan HB 4186 (2019 | MI) and HB 4187 (2019 | MI) focuses on the time period for notification.

The bills cut notification time in MI from 90 days to 45 days. Chamber of Commerce is as thrilled as a cat in the rain.

45 days is a standard adopted by 13 states.

An amendment proposal is for 75 days when the information is processed by a credit card processor.

Small Business Association of Michigan | New Data Breach Bill Moves Amid Latest Ransomware Attack

Lege Trend. Anatomy of a Strict Data Breach Notification State Bill.

  • 30 days to provide notification to consumers
  • Greater disclosures to consumers about data collected and where it is stored
  • Free credit freezes and unfreezes for a year
  • 4 years of free credit monitoring
  • Applies Deceptive Trade Practices Act penalties to businesses (these accrue daily and per incident)

Who is backing this bill: North Carolina State Attorney General

What impact does this have to businesses?

  • healthcare companies would see their notification timeline cut from 60 days to 30…