Texas Gov. Greg Abbott on May 27 signed into law Senate Bill 768 which amends the state’s data breach notification statutes. The amendments go into effect Sept. 1, 2023.
Posts published in “Data Privacy and Security”
Montana Gov. Greg Gianforte on May 19 signed into law Senate Bill 384, the Montana Consumer Data Privacy Act, making Montana the ninth state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, and Tennessee. The law will take effect Oct. 1, 2024.
Tennessee Gov. Bill Lee on May 11 signed into law House Bill 1181, making Tennessee the eighth state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, and Indiana. The law will take effect July 1, 2024.
Indiana Gov. Eric Holcomb on May 1 signed into law Senate Bill 5, making Indiana the seventh state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, and Iowa. The law will take effect Jan. 1, 2026.
Kansas Gov. Laura Kelly has approved enactment of Senate Bill 44 which requires certain financial institutions to establish information security standards consistent with the federal Gramm-Leach-Bliley Act’s Safeguards Rule, 16 C.F.R. § 314.1, et seq. The Kansas Financial Institutions Information Security Act becomes effective July 1, 2023.
The Texas House of Representatives on April 4 voted unanimously in favor of Texas House Bill 4, the Texas Data Privacy and Security Act. The Texas legislature remains in session through May 29, so there is ample time for the legislation to continue its course.
Iowa Gov. Kim Reynolds on March 28 signed into law SF 262, making Iowa the sixth state to enact comprehensive consumer data privacy legislation. The other states are California, Virginia, Colorado, Utah, and Connecticut. The law will take effect Jan. 1, 2025.
Utah Gov. Spencer Cox on March 23 signed into law Senate Bill 127, which amends the state’s data breach notification statutes. The amendments go into effect May 2, 2023.
5th Cir. Holds Company That Suffered Data Breach Ultimately Liable for Assessments Imposed by Credit Card Issuers
The U.S. Court of Appeals for the Fifth Circuit recently held that a merchant had a contractual obligation to indemnify its payment processor after a data breach at the merchant compromised customer credit card data.
The Illinois Supreme Court recently held that a separate claim accrues under the Illinois Biometric Information Privacy Act each time a private entity scans or transmits an individual’s biometric identifier or other protected information in violation of section 15(b) or (d) of BIPA.
The Ohio Supreme Court recently reversed the decision of an appellate court and reinstated the trial court’s grant of summary judgment in favor of an insurer and against an insured company on the company’s claim for breach of contract and bad faith denial of insurance coverage relating to damages arising from a ransomware attack.
Just a few years ago, the annual review would primarily encompass federal activity. But a shift began in 2018, and by the close of this year, it’s clear there is far more state activity impacting consumer debt collection.