Tag archives: data breach notification law

US banking regulators promulgate a final rule for 36-hour notice of breach

Photo of David Kessler (US)Photo of David Kitchen (US)Photo of Tim Byrne (US)Photo of Susan Ross (US)By David Kessler (US), David Kitchen (US), Tim Byrne (US) and Susan Ross (US) on Posted in Data breach
On November 18, 2021, the US federal banking regulators Office of the Comptroller of the Currency, Federal Reserve Board and Federal Deposit Insurance Corporation jointly announced a final rule that will require banking organizations (which includes the U.S. operations of foreign banking organizations) to notify their regulators as soon as possible but no later than 36 hours of … Continue reading

Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021”

Photo of Will Daugherty (US)Photo of Susan Ross (US)By Will Daugherty (US) and Susan Ross (US) on Posted in Cybersecurity
On August 27, 2021, the U.S. House Homeland Security Committee released a draft bill that would, among other things, establish a Cyber Incident Review Office (CIR Office) within the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), and require critical infrastructure owners and operators to report … Continue reading

US banking regulators propose a rule for 36-hour notice of breach

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Data breach
On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” … Continue reading

US states pass data protection laws on the heels of the GDPR

Photo of Jeewon Kim Serrato (US)Photo of Chris Cwalina (US)Photo of Anna Rudawski (US)Photo of Tristan Coughlin* (US)By Jeewon Kim Serrato (US), Chris Cwalina (US), Anna Rudawski (US), Tristan Coughlin* (US) and Katey Fardelmann (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightSeveral U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here.   Like their European counterparts, these state laws are intended to provide consumers with … Continue reading

Massachusetts Senate passes data protection bill targeting consumer credit agencies

By on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightOn Thursday, April 26, 2018, the Massachusetts Senate unanimously passed a data breach protection bill that strengthens consumer protections after security breaches involving consumer credit reporting agencies.  If passed, the proposed legislation would amend Massachusetts’s current breach notification law.  The bill aims to help consumers protect their sensitive information before, during, and after a data … Continue reading

Delaware amends data breach notification law

By on Posted in Data breach
Norton Rose Fulbright - Data Protection Report blogEarlier this month, Delaware revamped its data breach notification law, with changes to go into effect April 14, 2018.  Most notably, the new law requires any entity that has suffered a data breach that includes social security numbers to provide free credit monitoring services to affected residents for one year. The entity must provide all … Continue reading

Australian mandatory data breach notification on the agenda again

By on Posted in Data breach, Regulatory response
Data Protection Report - Norton Rose FulbrightThe Australian Federal Parliament commenced sitting on August 30, 2016, and the long-proposed mandatory data breach notification legislation is again on the newly-elected Coalition Government’s agenda. Currently, the Australian Privacy Act 1988 (Cth) does not require an organisation or agency to notify an individual of a data breach involving their personal information, but this looks … Continue reading

Five new privacy laws on tap in California

By on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightThis month, California Governor Jerry Brown signed into law five new privacy bills that the Governor said are intended to strengthen data protections for the state’s residents. The laws, effective as of January 1, 2016, implement California’s Electronic Communications Privacy Act and amend the state’s breach notification statute, among other things. In this post, our Data Protection, Privacy … Continue reading

Washington State amends its breach notification law

By on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightA more robust data breach notification law looks to make its way onto the books in the state of Washington as newly passed legislation was sent to Governor Jay Inslee’s desk earlier this week for final approval.  House Bill 1078, which has now passed both legislative houses by unanimous vote, if ultimately signed by the … Continue reading
LexBlog