Tag Archives: Social Security Number

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor

On February 23, 2015, the Wyoming Senate approved a bill that adds data elements to the definition of "personal identifying information" in the state's data breach notification statute. The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill that adds content requirements to the notice that breached entities must send affected Wyoming residents. … Continue Reading

California Governor Approves New Privacy Legislation

On September 30, 2014, California Governor Jerry Brown announced the recent signings of several bills that provide increased privacy protections to California residents. These bills are aimed at protecting student privacy, increasing consumer protection in the wake of a data breach, and expanding the scope of California's invasion of privacy and revenge porn laws.… Continue Reading

California Lawmakers Pass Bill to Amend State’s Breach Notification Law

At the end of August, a bill amending California's breach notification law passed and was sent to Governor Jerry Brown for signature. The revised law would extend certain obligations to safeguard personal information to entities that "maintain" such information, add a requirement to offer identity theft protection to individuals affected by a security breach, and bolster protection for Social Security numbers.… Continue Reading

Delaware Enacts New Data Destruction Law

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading

Kentucky Enacts Data Breach Notification Law

On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading

North Dakota Amends Breach Notification Law to Cover Health Information

On April 19, 2013, the North Dakota legislature amended the state’s breach notification law (Section 51-30-01 of the North Dakota Century Code) to expand the definition of “personal information” to include “health insurance information” and “medical information.” Pursuant to the amended breach law, “health insurance information” is defined to mean an “individual’s health insurance policy … Continue Reading

Amended COPPA Rule Comes into Effect

The Federal Trade Commission’s changes to the Children’s Online Privacy Protection Rule come into effect today. This post summarizes key changes affecting businesses subject to the amended Rule.… Continue Reading

FTC Issues Updated FAQs Addressing COPPA Compliance Requirements

On April 25, 2013, the Federal Trade Commission released an updated version of its frequently asked questions regarding the Children’s Online Privacy Protection Act of 1998 that provide general information on COPPA’s requirements and also include new guidance on the recent amendments to the Children’s Online Privacy Protection Rule. … Continue Reading

Insurance Coverage for Security Breach Lawsuits

In a recent article published by the American Bar Association’s Insurance Coverage Litigation Committee, Hunton & Williams counsel William T. Um explores insurance recovery options related to the defense of class action lawsuits following data security breaches and other privacy incidents.… Continue Reading

FTC Settles Alleged Breach of Consumers’ Personal Information

On January 28, 2013, the Federal Trade Commission announced a proposed settlement agreement with CBR Systems, Inc., an operator of a cord blood bank, for its failure to implement reasonable and appropriate measures to protect its consumers’ personal information from unauthorized access, which contributed to a December 2010 security incident.… Continue Reading

FTC Finalizes Settlements Relating to P2P Privacy Violations

On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer file-sharing software to be installed on their company computer systems.… Continue Reading

FTC Settles Spying Case

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC, and several rent-to-own companies that rented computers to consumers.… Continue Reading

FTC Announces Settlements Relating to P2P Data Breaches

On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses for allegedly compromising the security of consumer personal information by allowing peer-to-peer file-sharing software to be installed on company computers. One of the companies also was charged with violations of the GLB Safeguards Rule and Privacy Rule.… Continue Reading