Category

U.S. State Law

14 January 2019

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law.  By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies.  See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500.  (For more information on South Carolina’s adoption of the Model Law, see our prior coverage.)  (more…)

EmailShare
27 December 2018

Debate Continues on the Future of U.S. Privacy Regulation from California to Capitol Hill

With the midterm election out of the way, legislators on Capitol Hill and in state capitols are getting ready to consider the future of data privacy regulation in 2019 and consumer and industry groups continue to weigh in on the ongoing debate.  The debate has begun to move from principles and frameworks to drafting of legislative language.

(more…)

EmailShare
03 December 2018

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

*This article first appeared in the Hill.com on November 19, 2018

With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.

(more…)

EmailShare
09 November 2018

State Attorneys General Election Results Will Have an Impact on Business

The results of Tuesday’s midterm elections were notable for several reasons, and not just in the races at the top of the ticket — there were also significant changes in the state Attorney General ranks. Forty jurisdictions (including Guam, Virgin Islands and the District of Columbia) had Attorney General candidates on their ballots, including open races in 13 jurisdictions. It was a somewhat strong showing for Democrats, who picked up open seats in Colorado (Phil Weiser), Michigan (Dana Nessel) and Nevada (Aaron Ford). In addition, Democrat Josh Kaul defeated incumbent Republican Brad Schimel in Wisconsin. Overall, there are 14 new Attorneys General. A chart at the end of this Update lists the results of all of Attorney General elections. (more…)

EmailShare
01 November 2018

Ohio Law Recognizes Safe Harbor in Data Breach Litigation

Companies with robust cybersecurity programs may still be vulnerable to attack. A new, first-of-its-kind law in Ohio now recognizes this fact. On November 1, 2018, the Ohio Data Protection Act (SB 220) establishes a safe harbor from state tort actions in data breach cases for entities that have developed an information security program with “administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to an industry recognized cybersecurity framework.” Without establishing minimum cybersecurity standards, the Ohio law affords defendants an “affirmative defense” against state tort actions and establishes an important precedent that may serve as a model for other states and the federal government to follow. (more…)

EmailShare
10 October 2018

California and Preemption

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy.  Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates.  First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year.  Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States.  As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.  (more…)

EmailShare
02 October 2018

The Trump Administration’s Approach to Data Privacy, and Next Steps

* This article originally appeared in Law360 on September 27, 2018.

On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy.  The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a privacy model of mandated notice and choice that has “resulted primarily in long, legal, regulator-focused privacy policies and check boxes.” Rather, the administration is proposing that U.S. privacy policy “refocus” on achieving desirable privacy “outcomes,” such as ensuring that users are “reasonably informed” and can “meaningfully express” their privacy preferences, while providing organizations with the flexibility to continuing innovating with cutting-edge business models and technologies.

(more…)

EmailShare
28 September 2018

Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” The Senators and testifying witnesses expressed strong support for a comprehensive federal privacy law. (more…)

EmailShare
26 September 2018

Developing IoT Policy from California to Washington, D.C.

The growing network of internet of things (IoT) devices is expected to reach 30 billion devices by 2020. Despite this tremendous growth, the state of IoT regulation is patchwork at best. Although the FTC is the primary security regulator for consumer IoT devices, there are no comprehensive regulations or laws specific to the unique challenges of the IoT market. This absence of clear and unambiguous standards can be a burden for IoT companies who are looking to innovate while maintaining their customers’ privacy.  (more…)

EmailShare
25 September 2018

Movement Towards a Comprehensive U.S. Federal Privacy Law: Witnesses Prepare to Testify in Senate Hearing

The last six months have been busy ones for privacy watchers, with the entry into force of the GDPR and the enactment and amendment of the California Consumer Privacy Act.

An increasing number of eyes are now turning to the U.S. Congress to see how it will react to these developments, and Data Matters – and the privacy community generally – will thus be closely watching the Senate Committee on Commerce, Science, and Transportation on Wednesday, September 26, 2018, when it hosts a hearing titled “Examining Safeguards for Consumer Data Privacy.” (more…)

EmailShare
XSLT Plugin by BMI Calculator