HB Ad Slot
HB Mobile Ad Slot
Oregon, New York, Alabama, and Rhode Island Join List of States Considering Data Breach Legislation Post-Equifax
Friday, March 2, 2018

In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers. Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations.

The bills are a direct reaction to Equifax's data breach disclosure last summer. In prior alerts and articles, we discussed proposed legislation in ArizonaColorado, North Carolina, and South Dakota. In this alert, we examine legislation being considered in Oregon, New York, Alabama, and Rhode Island.

To put the discussion into context, 48 states already have laws requiring entities to notify affected individuals if the entity suffers a loss or compromise of the individuals' confidential information. Those laws differ in many respects, resulting in a complex web of legal responsibilities that creates headaches for entities required to comply with them.

The challenge will become even more complex if the proposed bills become law, because, generally speaking, they would:

  • expand the types of confidential information covered under state breach notification requirements;

  • implement specific deadlines for when affected individuals must be notified;

  • require businesses to implement and maintain reasonable security procedures to prevent data breaches; and

  • authorize state attorneys general to enforce these provisions through substantial fines and penalties for non-compliance.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins