Data Breach

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Since at least fall of 2017, the Department of Education (“ED”) has expected institutions of higher education to report data breaches directly to the department on the same day a breach is discovered – or...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →

Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the heels of...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. In our recent blog post on the Article 29 Working Party’s draft guidance on the GDPR’s breach notification requirements, we...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. Most companies handling personal data of EU residents know that the General Data Protection Regulation (“GDPR”) will impose mandatory data...

Read More →

S3 Buckets: Not so Simple?

September 5, 2017 | 0 Comments

Uber has agreed to settle a complaint stemming from allegations that the ride-hailing company made deceptive claims concerning its data security practices following a 2014 data breach. The data breach in question affected an Amazon...

Read More →

With an average of 15 data breaches per week, data security frequently tops headlines. California has led from the front by passing laws to protect consumer data, as it was the first state to pass...

Read More →

California Revises Data Breach Notification Laws

October 20, 2015 | 0 Comments

California Governor Jerry Brown has signed into law three bills that revise California’s data breach notification requirements. The laws clarify important definitions, adjust notification requirements, and require operators of automated license plate recognition (“ALPR”) systems...

Read More →

Tuesday, May 5, 2015 – 12:30 PM – 1:30 PM Presenters: Jeff Landis from ZwillGen & Matthew Milner and Michael Kheyfets from Edgeworth Economics As breaches of proprietary data systems have become more commonplace, so have...

Read More →