On June 1, the Connecticut legislature passed a bill that would require businesses exposed to a data breach to notify victims within 90 days of the breach. The bill would also require businesses to provide victims with one year of identity-theft protection if their Social Security number is compromised. Senate Bill 949, An Act
Virginia Governor Signs Directive Requiring Enhanced Card Payment Security
On May 5, Virginia Governor Terry McAuliffe signed an executive directive which sets enhanced security requirements for the purchase card program used by state agencies, including the implementation of “chip and pin” technology by December. The directive further instructed Virginia’s treasurer, comptroller, and secretaries of finance and technology to implement enhanced payment technologies that “meet…
House Supports Cybersecurity Legislation That Could Create Liability Shield for Information Sharing
In a pair of recent votes, the House of Representatives supported legislation that would create liability protections for companies that share with the federal government information about cyberthreats. The bills, H.R. 1560 and H.R. 1731, allow private companies to take defensive cybersecurity measures to protect their rights and property. They also allow for sharing of…
DOJ Releases Cybersecurity Guidance for Response and Reporting of Cyber Incidents
The U.S. Department of Justice has released guidance to assist organizations in preparing for a cyber incident. Released alongside a speech given by Assistant Attorney General Leslie Caldwell on April 29, the 15-page memo, “Best Practices for Victim Response and Reporting of Cyber Incidents,” provides a framework for organizations to prepare an incident response…
Senator Leahy Introduces Data Security Legislation that Would Limit Preemption
On April 30, Sen. Patrick Leahy, D-Vt., introduced legislation that would require companies to report data breaches within 30 days and would protect a wide range of personal and geographic location data while allowing more stringent state laws to stand. As mentioned here, the Consumer Privacy Protection Act is just the latest piece of…
Data Breach Bill Passes House Committee
On April 15, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote. The bill, H.R. 1770: The Data Security and Breach Notification Act of 2015, was initially backed by Rep. Peter Welch (D-VT) and Rep. Marsha Blackburn (R-TN) but passed along party lines.
The legislation…
NYDFS Advocates for Increased Cybersecurity Regulation by State Agencies
On February 25, the Superintendent of the New York Department of Financial Services (“DFS”), Benjamin M. Lawsky, spoke at Columbia Law School regarding the increased role of states as regulators, especially in the case of emerging risks such as cybersecurity. The speech, titled “Financial Federalism: The Catalytic Role of State Regulators in a Post-Financial Crisis…
White House Proposes Data Security Legislation
On February 27, the White House proposed a bill that would provide consumers with a “Privacy Bill of Rights” as well as provide an enforcement mechanism for data breach enforcement actions by the FTC and state attorneys general. The language used is similar to a proposal by the administration in 2012 which failed to gain…
FTC’s Annual Summary Highlights Focus on Data Security
In order to assist the Consumer Financial Protection Bureau with its statutory obligation to report annually to Congress concerning the federal government’s efforts to implement the Fair Debt Collection Practices Act, the Federal Trade Commission submitted a summary of its own enforcement activities during 2014.
The FTC’s summary highlights not only the “aggressive law enforcement…
AG Madigan Testifies Before Congress on Federal Data Breach Law and Argues Against Preemption
On February 5, Illinois Attorney General Lisa Madigan testified before the U.S. Senate, calling on Congress to enact a strong, meaningful federal data breach notification law, while at the same time lobbying Congress to avoid preempting states from enforcing their own data protection laws.
Before the Senate’s Subcommittee on Commerce, Science and Transportation in a…