APPENDIX State Security Breach Notification Laws Alaska Alaska Stat. § 45.48.010 et seq. (Drill down through 2012 TOC to section or go here.) Arizona Ariz. Rev. Stat. § 44–7501 Arkansas Ark. Code Ann. § 4-110-101 et seq. (Drill down through TOC to section.) California Cal. Civ. Code §§ 1798.80, 1798.82, 1798.84 (Drill down through TOC… Continue Reading
Missouri: HB 62 includes many provisions that are similar to other state laws requiring notice to individuals when the security of their personal information has been compromised. For example, HB 62 includes a “material risk of harm” trigger. In other words, a business is not required to notify Missouri residents if, after an appropriate investigation or consultation with relevant law enforcement authorities, the business determines that identity theft is not likely to result from the breach. In addition, a business is not required to notify state residents if the personal information compromised was encrypted. Like some other state laws, HB 62 also requires notice to the Missouri Attorney General and national consumer reporting agencies if more than 1,000 Missouri residents are notified, and allows the Attorney General to seek actual damages or civil penalties from persons that fail to comply with the law.
The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in… Continue Reading
The popularity of crime dramas on primetime television schedules has made certain aspects of genetic testing commonplace and uncontroversial. However, as science continues to advance at an exponential rate, and as technology and innovation have invaded the realm of individual privacy rights, individuals’ genetic make-up are likely the next frontier. At least 32 states have… Continue Reading
In January 2009, we reported on the postponement of a controversial federal regulation resulting from a legal challenge filed by Proskauer Rose on behalf of several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify… Continue Reading
the Federal Fair Credit Reporting Act preempted an identity exposure plaintiff’s state law claims for, among other things, negligence, breach of contract, and violation of the New York Deceptive Trade Practices Act
On June 16, 2009, in Pietrylo v. Hillstone Restaurant Group, USDC D.N.J. Case No. 2:06-cv-5754-FSH-PS, a New Jersey federal jury found that the Houston’s restaurant chain violated the Stored Communications Act (SCA) and the New Jersey Wiretapping and Electronic Surveillance Control Act (NJWESCA) by allegedly requiring an employee to surrender to Houston’s managers login information… Continue Reading
With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the… Continue Reading