California recently signed into law Senate Bill No. 446, which amends its data breach notification law, Section 1798.82 of the Civil Code, to require covered companies to notify affected California residents within 30 calendar days of discovery of the data
Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach. South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in light of Congress’s inaction regarding data breach legislation.
On June 11, 2015, Connecticut Governor Dannel Malloy signed Senate Bill 949 (“S.B. 949”) into law. This new law imposes a various new requirements relating to data breach response and notification, including imposing a hard 90-day deadline for data breach reporting and requiring that entities regulated by the Connecticut Insurance Department to implement and maintain a “comprehensive information security program” to protect personal information. The various sections of S.B. 949 take effect in stages, with some having taken effect on July 1, 2015, and others becoming effective as late as October 1, 2017.