August 4, 2021

Volume XI, Number 216

Advertisement

August 03, 2021

Subscribe to Latest Legal News and Analysis

August 02, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Oregon, New York, Alabama, and Rhode Island Join List of States Considering Data Breach Legislation Post-Equifax

In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers. Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations.

The bills are a direct reaction to Equifax's data breach disclosure last summer. In prior alerts and articles, we discussed proposed legislation in ArizonaColorado, North Carolina, and South Dakota. In this alert, we examine legislation being considered in Oregon, New York, Alabama, and Rhode Island.

To put the discussion into context, 48 states already have laws requiring entities to notify affected individuals if the entity suffers a loss or compromise of the individuals' confidential information. Those laws differ in many respects, resulting in a complex web of legal responsibilities that creates headaches for entities required to comply with them.

The challenge will become even more complex if the proposed bills become law, because, generally speaking, they would:

  • expand the types of confidential information covered under state breach notification requirements;

  • implement specific deadlines for when affected individuals must be notified;

  • require businesses to implement and maintain reasonable security procedures to prevent data breaches; and

  • authorize state attorneys general to enforce these provisions through substantial fines and penalties for non-compliance.

Copyright © by Ballard Spahr LLPNational Law Review, Volume VIII, Number 61
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David Stauss, Ballard Spahr Law Firm, Denver, Privacy and Litigation Attorney
Partner

David M. Stauss focuses on complex business and commercial litigation in state and federal courts. He handles all aspects of litigation on a wide range of substantive matters for clients, including product liability, landowner liability, and commercial lending.

Mr. Stauss is head of the Denver office's privacy and cybersecurity practice group. He advises clients on regulatory and statutory compliance issues, third-party vendor management policies and contractual provisions, cyber liability insurance retention and coverage analysis, information...

303-299-7363
Gregory Szewczyk, Ballard Spahr Law Firm, Denver, Privacy and Litigation Attorney
Associate

Greg Szewczyk is a litigator with experience serving as a member of several trial and arbitration teams. His responsibilities include examining witnesses at trial; drafting opening and closing presentations; drafting dispositive, discovery and pretrial motions, as well as appellate briefs; taking and defending depositions; arguing evidentiary and procedural issues; preparing witnesses for testimony; and drafting scripts for direct and cross-examinations. He is also a member of the Denver office’s cybersecurity practice group.

303-299-7382
Advertisement
Advertisement