Data Breach

Arkansas has updated its breach notification law to expand the definition of “personal information” and to require notifying the Arkansas Attorney General when a breach involves more than 1,000 individuals’ personal information. On April 15, 2019, Governor...

Read More →

On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing the time an entity has to...

Read More →

The Death Knell for Class Arbitration?

May 6, 2019 | 0 Comments

On April 24, 2019, the U.S. Supreme Court held in Lamps Plus v. Varela that under the Federal Arbitration Act (“FAA”), class arbitration is only permitted when explicitly provided for in arbitration agreements. The 5-4 decision...

Read More →

Massachusetts has updated its breach notification law to require credit monitoring services and more prescriptive breach notices to regulators, as well as to strengthen rules for consumer reporting agencies. Governor Charlie Baker signed the legislation...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Since at least fall of 2017, the Department of Education (“ED”) has expected institutions of higher education to report data breaches directly to the department on the same day a breach is discovered – or...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →

Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the heels of...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. In our recent blog post on the Article 29 Working Party’s draft guidance on the GDPR’s breach notification requirements, we...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. Most companies handling personal data of EU residents know that the General Data Protection Regulation (“GDPR”) will impose mandatory data...

Read More →