My role as a RADAR product manager specializing in regulatory content means I live and breathe data breach notification laws – exciting, nuanced, and incredibly complex work.
Navigating the intricacies of federal and state regulations can be like solving a puzzle: you work to align the right information, look for patterns, and plan several steps ahead so that when the last piece finally clicks into place you have a simple, clear picture of what the law requires.
The work we do researching laws, teasing out relevant factors, and incorporating data into the RADAR Breach Guidance Engine™ means our users can make informed decisions about incident risk and their notification obligations, trusting RADAR will provide complete and up-to-date notification guidance.
At any given time, there exist a number of active bills, both proposed and recently passed, that could change what compliance looks like under state and federal data breach notification laws. As you may imagine, this keeps the RADAR regulatory team very busy.
Here’s what a typical day looks like for our regulatory team:
- Checking in on the movement of proposed legislation.
- Researching and analyzing any possible impact of proposed and recently passed legislation.
- Connecting with state agencies to confirm analysis of select provisions in a bill.
- Confirming details such as state agency contact information in the event a breach notification is advised.
- Working with our development team to make sure we’re prepared to roll out changes on a bill’s effective date.
What We’re Seeing in 2016
2016 is shaping up to be a busy year in the world of breach notification law. So far, we have seen amendments that impact data breach notification go into effect in Oregon, California, and New Hampshire – with Rhode Island, Arizona, Tennessee, and Nebraska to follow in the coming months.
Drawing from the legislative movement around data breach notification in the last year, we have identified a number of trends we expect to continue.
What is 2016's overarching trend in data breach law?
In general, the overarching trend in data breach legislation is increasing stringency and growing complexity in breach notification obligations. Consider:
- 12 significant amendments to state breach notification laws have gone into effect in the past 17 months.
- 20 states and one territory now specify the contents of required notifications to individuals.
- 13 states now regulate medical information as PII.
- 22 states now require notice to the attorney general under specified circumstances.
This story isn’t over. View the rest of the series below, in which we dive deeper into the regulatory trend concerning personal information – and how that term is defined.