Montana Governor Steve Bullock has signed a bill, H.B. 74, that will toughen the state’s breach notification law. The bill expands the definition of “personal information” covered by the law to include medical record information (as further defined by the state’s Insurance Information and Privacy Protection Act), taxpayer identification number, or other identification number issued by the Internal Revenue Service. The revised law also requires organizations to notify the Attorney General’s Consumer Protection Office in the event of a breach. Insurance entities such as licensees or insurance support organizations must also provide notification to the state Insurance Commissioner. Notice to these regulators must identify the number of affected individuals, state the date and distribution method of the notice to affected individuals, and include a copy of the notice provided to individuals. The law takes effect October 1, 2015.
On March 2, Wyoming Governor Matt Mead signed a bill, S.F. 36, amending the state’s data breach notification law to revise the state’s definition of “personal information” and to specify the type of information required in notices to individuals. The amendment removes from the definition of “personal information” an individual’s demand deposit account, savings account, employee identification number, place of employment, and mother’s maiden name. At the same time, it adds new data elements to the definition, including taxpayer identification number, birth or marriage certificates, biometric data, medical history and health insurance information. The new law also specifies that a notification letter to individuals affected by a breach must include the types of personal identifying information that were the subject of the breach, a general description of the breach, the approximate date of the breach, and the actions taken to protect the affected system from further breaches.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-03-20 14:04:562015-03-20 14:04:56Montana and Wyoming amend breach notification laws
“A question we often get as financial regulators is: ‘What keeps you up at night?’ The answer is ‘a lot of things.’ But right at the top of the list is the cybersecurity at the financial institutions we regulate.”
Benjamin Lawsky, prepared remarks from speech at Columbia Law School on February 25, 2015.1
Insurance regulators are gearing up to impose enhanced scrutiny on information security practices to boost protection of sensitive personal information.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-03-17 16:50:492015-03-17 16:50:49Increasing Scrutiny of Insurance Companies’ Cybersecurity Preparedness
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-03-01 13:50:332015-03-01 13:50:33The Last Year in Privacy & Security Litigation; Government Access to Private Sector Data Select Cases from January 1, 2014 to February 28, 2015
In the last few years, privacy has evolved to become a topic of concern for more and more people. Recent studies have also shown that people have stopped using a particular product or service because they were worried about how it used their personal data. However, what is less clear is whether this is a concern for all generations or does the common perception that young people do not care about their privacy hold some element of truth? William Long, Geraldine Scali and Francesca Blythe, Partner, Senior Associate and Associate respectively at Sidley Austin LLP, explore this question.
Section 33 of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (the PDPO) deals with the transfer of personal data, and prohibits the transfer of personal data outside Hong Kong except in specified circumstances, such as when:
the data protection laws of the foreign country are similar to the PDPO; or
the data subject has consented in writing to the transfer.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-01-20 16:56:512015-01-20 16:56:51An Update on the Hong Kong Data Transfer Guidance
Traditionally, it was militaries that developed, then deployed unmanned aerial vehicles (drones) for combat roles or intelligence-gathering missions. The use of drone technology in the recreational space, and a projected spike in the commercial exploitation of drones, have caught the attention of Hong Kong and Singapore’s regulators. The ongoing privacy debate about how best to regulate presently under-regulated commercial drone use is expected to intensify. Actual or prospective commercial drone operators are advised to monitor what is expected to be an evolving aviation and privacy regulatory environment in two of the Asia Pacific’s key commercial centers.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-01-15 16:58:482015-01-15 16:58:48Legal Issues Surrounding the Use of Commercial Drones in Hong Kong and Singapore
During the opening session of any new Congress, the House of Representatives sets the rules that will govern hearings, floor proceedings and debate. Typically, rule changes are minor. This year, the House quietly made one important change that could significantly affect institutions that are subject to government inquiries.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2015-01-14 16:56:582015-01-14 16:56:58A House of Representatives Rules Change that Will Affect Congressional Investigations: What it Means for the Private Sector
On December 3, 2014, the Federal Trade Commission (FTC) announced that it reached a settlement with PaymentsMD, an Atlanta-based medical billing company, and its former CEO, Michael C. Hughes, for alleged violations of Section 5(a) of the Federal Trade Commission Act for using deceptive tactics to collect sensitive health information. Public comments on the FTC’s proposed Consent Orders are due January 2, 2015.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sidley Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSidley Data Matters Contributors2014-12-16 17:04:062014-12-16 17:04:06New FTC Settlement Reveals Heightened Agency Scrutiny Regarding Patient Authorizations and the Collection of Health Information
Montana and Wyoming amend breach notification laws
Montana Governor Steve Bullock has signed a bill, H.B. 74, that will toughen the state’s breach notification law. The bill expands the definition of “personal information” covered by the law to include medical record information (as further defined by the state’s Insurance Information and Privacy Protection Act), taxpayer identification number, or other identification number issued by the Internal Revenue Service. The revised law also requires organizations to notify the Attorney General’s Consumer Protection Office in the event of a breach. Insurance entities such as licensees or insurance support organizations must also provide notification to the state Insurance Commissioner. Notice to these regulators must identify the number of affected individuals, state the date and distribution method of the notice to affected individuals, and include a copy of the notice provided to individuals. The law takes effect October 1, 2015.
On March 2, Wyoming Governor Matt Mead signed a bill, S.F. 36, amending the state’s data breach notification law to revise the state’s definition of “personal information” and to specify the type of information required in notices to individuals. The amendment removes from the definition of “personal information” an individual’s demand deposit account, savings account, employee identification number, place of employment, and mother’s maiden name. At the same time, it adds new data elements to the definition, including taxpayer identification number, birth or marriage certificates, biometric data, medical history and health insurance information. The new law also specifies that a notification letter to individuals affected by a breach must include the types of personal identifying information that were the subject of the breach, a general description of the breach, the approximate date of the breach, and the actions taken to protect the affected system from further breaches.
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
Increasing Scrutiny of Insurance Companies’ Cybersecurity Preparedness
“A question we often get as financial regulators is: ‘What keeps you up at night?’ The answer is ‘a lot of things.’ But right at the top of the list is the cybersecurity at the financial institutions we regulate.”
Benjamin Lawsky, prepared remarks from speech at Columbia Law School on February 25, 2015.1
Insurance regulators are gearing up to impose enhanced scrutiny on information security practices to boost protection of sensitive personal information.
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
The Last Year in Privacy & Security Litigation; Government Access to Private Sector Data Select Cases from January 1, 2014 to February 28, 2015
A few key takeaways shape the contours of litigation in these areas over the past 14 months.
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
Generational interpretations and expectations of privacy
Data Protection Law & Policy
In the last few years, privacy has evolved to become a topic of concern for more and more people. Recent studies have also shown that people have stopped using a particular product or service because they were worried about how it used their personal data. However, what is less clear is whether this is a concern for all generations or does the common perception that young people do not care about their privacy hold some element of truth? William Long, Geraldine Scali and Francesca Blythe, Partner, Senior Associate and Associate respectively at Sidley Austin LLP, explore this question.
View Article
William RM Long
London
wlong@sidley.com
Geraldine Scali
gscali@sidley.com
Francesca Blythe
London
fblythe@sidley.com
An Update on the Hong Kong Data Transfer Guidance
Section 33 of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (the PDPO) deals with the transfer of personal data, and prohibits the transfer of personal data outside Hong Kong except in specified circumstances, such as when:
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
Legal Issues Surrounding the Use of Commercial Drones in Hong Kong and Singapore
From Military to Civilian Use
Traditionally, it was militaries that developed, then deployed unmanned aerial vehicles (drones) for combat roles or intelligence-gathering missions. The use of drone technology in the recreational space, and a projected spike in the commercial exploitation of drones, have caught the attention of Hong Kong and Singapore’s regulators. The ongoing privacy debate about how best to regulate presently under-regulated commercial drone use is expected to intensify. Actual or prospective commercial drone operators are advised to monitor what is expected to be an evolving aviation and privacy regulatory environment in two of the Asia Pacific’s key commercial centers.
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
A House of Representatives Rules Change that Will Affect Congressional Investigations: What it Means for the Private Sector
During the opening session of any new Congress, the House of Representatives sets the rules that will govern hearings, floor proceedings and debate. Typically, rule changes are minor. This year, the House quietly made one important change that could significantly affect institutions that are subject to government inquiries.
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
New FTC Settlement Reveals Heightened Agency Scrutiny Regarding Patient Authorizations and the Collection of Health Information
On December 3, 2014, the Federal Trade Commission (FTC) announced that it reached a settlement with PaymentsMD, an Atlanta-based medical billing company, and its former CEO, Michael C. Hughes, for alleged violations of Section 5(a) of the Federal Trade Commission Act for using deceptive tactics to collect sensitive health information. Public comments on the FTC’s proposed Consent Orders are due January 2, 2015.
(more…)
Sidley Data Matters Contributors
Sidley Austin Privacy Group
1n-licensing@onenorth.com
Upcoming Events
Women in Privacy Networking Event
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
Linh Lieu
linh.lieu@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Alan Charles Raul
araul@sidley.com
Sean Royall
sroyall@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
John K. Van De Weert
jvandeweert@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com