Archives: U.S. State Law

Subscribe to U.S. State Law RSS Feed

Delaware Amends Data Breach Notification Law

On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes. … Continue Reading

Nevada Enacts Website Privacy Notice Law

Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016). … Continue Reading

New Jersey Shopper Privacy Bill Signed into Law

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for eight purposes. … Continue Reading

Putative Data Breach Class Action Dismissed for the Third Time

On June 13, 2017, Judge Andrea R. Wood of the Northern District of Illinois dismissed with prejudice a putative consumer class action filed against Barnes and Noble. The case was first filed after Barnes and Noble’s September 2012 announcement that skimmers had tampered with PIN pad terminals in 63 of its stores and exposed payment card information.… Continue Reading

Washington Becomes Third State to Enact Biometric Privacy Law

On May 16, 2017, the Governor of the State of Washington, Jay Inslee, signed into law House Bill 1493, which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. The law will become effective on July 23, 2017. Washington becomes the third state to pass legislation regulating the commercial use of biometric identifiers.… Continue Reading

Amended Oregon Law Reinforces Importance of Adhering to Privacy Policies

On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090, which updates Oregon’s Unlawful Trade Practices Act by holding companies liable for making misrepresentations on their websites or in their consumer agreements about how they will use, disclose, collect, maintain, delete or dispose of consumer information.… Continue Reading

New York AG Settles with Wireless Lock Maker Over Security Flaws

On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” … Continue Reading

Global Ransomware Attacks Raise Key Legal Considerations

On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading

New Mexico Enacts Data Breach Notification Law

On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. … Continue Reading

New Jersey Moves Forward With Shopper Privacy Bill

On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require banks, insurance companies and other financial services institutions to establish and maintain a cybersecurity program designed to ensure the safety of New York’s financial services industry and to protect New York State from the threat of cyber attacks. … Continue Reading
LexBlog