RadarFirst Blog

Kelly Burg, CIPP/US, Senior Product Manager

Introducing tougher penalties for data breaches in Australia

A little over a year ago, an amendment to Australia’s Privacy Act 1988 established mandatory data breach notification obligations. Called the Notifiable Data Breaches scheme (NDB), these new requirements meant that organizations subject to the Act would now be required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of a data breach if the breach was likely to result in serious harm to individuals.

The Sooner the Better: Increasing Specificity in Notification Timelines

Today’s world is built for speed. Want a ride? Get an Uber or Lyft at your door in 10 minutes. Want your food faster? Use Grubhub and order ahead. Have a data breach requiring notification? Work quickly, because you may only have 72 hours to provide notification to individuals and regulatory authorities, depending on the jurisdiction.

A Regulatory Trend to Watch: The Expanding Scope of Personal Information

In 2018, less than 10 percent of data privacy or security incidents were breaches requiring notification. Yet it wouldn’t be surprising if that percentage starts to increase. One of the key factors in breach determination is the nature of the personal information exposed. Last year, we saw a significant expansion in the definition of personal information across multiple laws.

Breach Notification Regulatory Trends from 2018

2018 was all about change, especially in the breach notification realm. The tightening of existing regulations and the addition of new ones have created a seismic shift toward greater complexity and stringency. Compliance has never been more critical—and never more difficult.

PIPEDA’s New Mandatory Breach Notification and Recordkeeping Requirements: How Do They Compare with the GDPR and U.S. Regulations?

The landscape of global data breach laws has been marked by continuous change in recent years. One of the most significant this year was the coming into force of the EU General Data Protection Regulation (GDPR). Described by ICO Commissioner Elizabeth Denham as “the biggest change to data protection law in a generation,” the GDPR has certainly made an impact.

Regulatory Watchlist: Recent Changes to State Data Breach Notification Regulations

A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.

Regulatory Watch List: Breach Notification Timelines in Proposed State Legislation

Working with privacy and compliance professionals, one of the challenges we often hear about is how difficult it can be to keep up with ever-changing breach notification regulations. Think of it this way: in the US alone there are 48 separate state breach notification laws (along with Washington, D.C. and three territories), each with their own unique definitions, breach notification triggers, and compliance requirements.

Maryland Revises Personal Information Protection Act, Brings More Specificity to Breach Notification Requirements

This year has barely begun and already there’s something new in the world of state breach notification requirements. On Jan 1, 2018, revisions to the Maryland Personal Information Protection Act (HB 974) went into effect, adding more specificity to the state’s breach notification requirements.

Washington State Attorney General Files Lawsuit Against Uber – Will Other States Follow?

On November 21, 2017, Uber disclosed a data breach potentially affecting 57 million passengers and drivers around the world, including over 10,000 Washingtonians. One week later, on November 28, 2017, Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit.

Arkansas Enacts State Insurance Department General Omnibus Bill (SB 247)

Surprising some with its quick journey from filing to enrollment then approval by the governor – less than 30 days – a new State Insurance Department General Omnibus Bill goes into effect in Arkansas on August 1, 2017.

Growing Threat of Tax Fraud Leads Virginia to Amend Breach Notification Requirements

Effective July 1, 2017, the state of Virginia will require employers and payroll service providers to notify the attorney general without unreasonable delay if certain employee payroll data is compromised. Specifically, notification is required after an employer or payroll service provider discovers or is notified of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer if the incident:

Introducing New Mexico’s Data Breach Notification Act

With the signing of HB 15 on April 6, 2017, New Mexico became the 48th state and 52nd US jurisdiction to enact a data breach notification law, leaving only Alabama and South Dakota to go. The Data Breach Notification Act, which goes into effect June 16, 2017, is similar to many long-standing state breach notification laws, but it also incorporates several recent trends in breach notification amendments identified by the RADAR team.

New York Department of Financial Services Cybersecurity Regulation Adds Breach Notification Obligation for Financial Institutions

Effective March 1, 2017, 23 NYCRR 500, a new cybersecurity regulation from the New York Department of Financial Services (NYDFS), added a cybersecurity event notification obligation that could be triggered by a breach under the state’s general breach notification statute.

Changes in Breach Notification Law: Illinois Personal Information Protection Act

Effective January 1, 2017, Illinois House Bill 1260 significantly broadened the scope of the state’s Personal Information Protection Act. Included in the bill are key provisions that follow trends we identified in 2015 and 2016 as states continue to enact increasingly stringent and complex data breach notification legislation including amendments that significantly expand the scope of personal information. Illinois HB 1260:

Changes in Data Breach Notification Law - California Encryption Exceptions

Earlier this year, California Governor Jerry Brown signed into law AB 2828, an amendment to the state’s data breach notification law. This amendment, which takes effect January 1, 2017, changes the circumstances under which an entity must disclose a breach to affected individuals.  
