On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
Legislation
Massachusetts Amends Data Breach Notification Law
Massachusetts Governor Charlie Baker has signed legislation amending the state’s data breach notification law, and the amendments will take effect on April 11, 2019. The new requirements relate to the timing and content of individual and regulator notifications, as well as credit monitoring services offered to affected residents. The key amendments include the following provisions. […]
Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects
The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy […]
Michigan Enacts Insurance Data Security Model Law
Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. Based on the 2017 NAIC data security model law and nearly identical to the South Carolina Insurance Data Security Act, the Michigan statute will […]
Governor Jerry Brown Signs Amendment to the California Consumer Privacy Act
On September 23, 2018, Governor Jerry Brown signed SB 1121, the amendment to the California Consumer Privacy Act (CCPA). SB 1121 attempts to clean up some drafting errors and ambiguities in the original legislation (AB 375), but it also effectively reduces the procedural obstacles to the CCPA’s private right of action by removing the requirement […]