Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. Based on the 2017 NAIC data security model law and nearly identical to the South Carolina Insurance Data Security Act, the Michigan statute will […]
Data Breach
South Carolina Insurance Data Security Law Now Effective
South Carolina’s prescriptive data security law for insurers took effect on January 1, 2019. Subject to specified exemptions, the law requires any person licensed pursuant to South Carolina insurance laws to take certain steps, including among other things notification of specified cybersecurity events to the South Carolina Department of Insurance. Covered persons are also required […]
FTC Publishes Report Regarding Privacy Workshop
In October 2018, the Federal Trade Commission (“FTC”) published a report that summarized discussions at a December 2017 workshop discussing the potential impact to consumers of privacy and security incidents. The purpose of the workshop was to explore whether government intervention in this arena is warranted under the enforcement authority granted to the FTC under […]
DOJ Releases “Best Practices for Victim Response and Reporting of Cyber Incidents,” Version 2.0
On September 27, 2018, the Department of Justice Computer Crime and Intellectual Property (CCIPS) Cybersecurity Unit released Version 2.0 of its “Best Practices for Victim Response and Reporting of Cyber Incidents.” Originally issued in 2015, the updated guidance seeks to help organizations better equip themselves to be able to respond effectively and lawfully to cyber […]
Ohio Enacts Cybersecurity Safe Harbor Law
Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from filing a lawsuit following a data breach, it does provide an affirmative defense to companies defending themselves against such claims. […]