Kansas Gov. Laura Kelly has approved enactment of Senate Bill 44 which requires certain financial institutions to establish information security standards consistent with the federal Gramm-Leach-Bliley Act’s Safeguards Rule, 16 C.F.R. § 314.1, et seq. The Kansas Financial Institutions Information Security Act becomes effective July 1, 2023.
Posts tagged as “IT & Data Protection”
The Ohio Supreme Court recently reversed the decision of an appellate court and reinstated the trial court’s grant of summary judgment in favor of an insurer and against an insured company on the company’s claim for breach of contract and bad faith denial of insurance coverage relating to damages arising from a ransomware attack.
The upward trend in data privacy legislation continued in 2022. According to the National Conference of State Legislatures, “[a]t least 35 states and the District of Columbia in 2022 introduced or considered almost 200 consumer privacy bills,” which is a significant increase from 160 bills in 2021.
Determining whether your business engages in activities that can trigger coverage is discussed by the Federal Trade Commission in just released guidance entitled “FTC Safeguards Rule: What Your Business Needs to Know.” The Rule applies to many businesses beyond the scope of what are commonly understood to be “financial institutions” and has implications for service providers to covered entities.
The Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge.
In 2006 the Committee of Ministers of the Council of Europe designated each Jan. 28 as Data Protection Day, known outside of Europe as Data Privacy Day. It marks the day in 1981 that Convention 108 of the Council of Europe became open for signature.
On Jan. 11 Washington State Sen. Reuven Carlyle introduced SB 5062, the Washington Privacy Act (WPA). Its predecessors, SB 6281 and SB 5376, failed to pass in 2020 and 2019, respectively.
On the heels of the EU’s General Data Protection Regulation (GDPR) going into effect in 2018, and passage of the California Consumer Privacy Act of 2018 (CCPA), 2019 proved to be a banner year for introduction of state consumer data privacy legislation.
In a case of first impression for the U.S. Court of Appeals for the Eleventh Circuit, the Court joined the Sixth Circuit in holding that obtaining a consumer report to verify a consumer’s identity and eligibility for a service is a “legitimate business need” and therefore a “permissible purpose” under the Fair Credit Reporting Act (FCRA).
In an action challenging the accessibility of a website to blind and visually impaired people, the Court of Appeals of the State of California, Fourth Appellate District, recently held that a California court may exercise specific jurisdiction over a Georgia LLC where the LLC purposefully availed itself of the privilege of conducting business in California by sending catalogs and selling over $300,000 worth of goods to California residents.
Legislators in Mississippi recently introduced SB 2548. the "Mississippi Consumer Data Privacy Act." The bill contains provisions similar to the California Consumer Privacy Act but goes further than the CCPA with a lower annual gross revenue threshold, applying to any for-profit business, or any entity that controls or is controlled by such a business, that does business in Mississippi.
Consumer data privacy appears to be on the minds of legislators in Arizona this session. As previously mentioned, House Concurrent Resolution 2013 was introduced in Arizona on Jan. 10, 2020, by five Republicans and one Democrat declaring: That the Members of the Legislature oppose the enactment of laws, the adoption of regulations or the imposition of out-of-state standards that would restrict or otherwise dictate standards related to consumer data privacy, absent a clear nexus with consumer harm. That the Members of the Legislature believe a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach. Not…