On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82). Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question and answer that would permit access to an online account.” Additionally, new notification options have been added to address a breach of this type of information.
Data Breach Case Research Paper Sheds Light
In a draft research paper titled "Empirical Analysis of Data Breach Litigation", three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick.
Romanosky, Hoffman and Acquisti examined, for example, what factual and legal…
Special Radio Report No. 2: Newman Dishes on Cloud Computing
Cloud computing is already revolutionizing the way companies operate their businesses, in particular in the way they store and process information. But before you jump into the cloud, you may want to pause to consider your options.
…
State Law Claims in an Identity Exposure Case Preempted by Federal Fair Credit Reporting Act
the Federal Fair Credit Reporting Act preempted an identity exposure plaintiff’s state law claims for, among other things, negligence, breach of contract, and violation of the New York Deceptive Trade Practices Act
…
What Happens in Vegas Really Does Stay in Vegas (Unless It Is Encrypted)
S.B. 227, which becomes effective on January 1, 2010, will require encryption of all personal information leaving the “logical or physical controls of the data collector,” including electronic data on a “data storage device.”
…
Governor Schwarzenegger Says No to California A.B. 779
On Saturday, California Governor Arnold Schwarzenegger vetoed AB 779, legislation that would have amended California’s landmark data security breach legislation. The bill would have been the first to follow law enacted by Minnesota earlier this year and effective August 1, 2007, that amended Minnesota’s security breach notification law by, among other things, prohibiting businesses from retaining certain payment card data after authorization of a transaction.
…