On May 27, Illinois and Texas voted to amend their respective data breach notification laws. Illinois amendment SB 1624 requires notice to the state’s Attorney General for data breaches involving a certain threshold of individuals. Texas amendment HB 4390 also requires notice to the state’s Attorney General for data breaches above a threshold, changes the […]
Data Security
Nevada Law Gives Consumers Right to Opt Out of Sale of Personal Information
On May 29, 2019, Nevada Governor Steve Sisolak signed into law Senate Bill 220, an act that amends Nevada’s existing online privacy notice law. This amendment will make Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. While providing similar rights to […]
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of […]
Spring Legislative Update: Two New Laws and Two Amendments
Legislative and regulatory activity continues apace, with four states making changes to their data privacy and cybersecurity legislation in the past month alone. West Virginia and Mississippi enacted new legislation while Virginia and Utah amended their existing data breach notification laws. Virginia On March 18, 2019, Virginia amended its data breach notification statute. (VA HB […]
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]