Blog summary [5-minute read]

  • Breach laws A-Z
  • New data breach regulations in 2021
  • Tools Needed to Prepare for Privacy Incidents

Data Breach Laws are Like the Tide: Ever-Changing | RadarFirst

Tides are ever-changing and can impact the personal safety of those both afloat and ashore. If you’ve ever visited a coastal tide pool, you may have consulted a tide table to determine when the tide is low. A tide table predicts the daily times of high and low water, helping you to navigate the environment safely. If you’re lucky, you’ll witness sea anemones, sea stars, or crabs among the rocks at low tide. For those who work and play in the ocean, consulting tide tables is imperative, since tides can also affect the strength and direction of the current.

Like the tides, data breach laws are also ever-changing. Regarding privacy incidents, it’s imperative to assess the “water conditions” — current global privacy laws, harm rules, and latest regulations — to determine the ins and outs of data breach notification. Designed for privacy professionals, Radar privacy incident response software has data breach notification decision support built-in, so that you can make the right notification decision with the least effort.

If you want a quick peek at a data breach law “tide table,” check out RadarFirst’s Breach Law Radar. It’s free and provides a comprehensive list of data breach laws and more:

  • Interactive maps to quickly identify notification laws pertaining to a designated U.S. state
  • Up-to-date overviews of global breach notification laws and all 50 U.S. state regulations
  • Incident risk assessment and data breach reporting requirements – as well as penalties for non-compliance
  • Details regarding proposed and recently passed legislation

This up-to-date breach law library is only tapping the surface of the value Radar brings to the table. Users of the service also receive automated risk assessments based on the information compiled in the library to provide notification decision support in moments.

Covering Breach Laws from A to Z: Anchorage to Zanesville

RadarFirst Breach Law Library

Do you have a privacy incident on your hands, potentially affecting people in Anchorage? What about one potentially affecting individuals in Zanesville?

Visit the data breach laws interactive map and simply click on the map or menu. You’ll learn, for example, that according to Alaska Stat. 45-48 (H.B. 65), the law provides for a harm test to affected individuals as a condition of notification. The law also states that disclosure of a breach is not required if, after an appropriate investigation and after written notification to the attorney general of Alaska, an entity determines that there is not a reasonable likelihood that harm to consumers has resulted or will result from the breach. The determination must be documented in writing and maintained for five years.

You’ll also learn that Alaska requires notification to the state’s attorney general, but Ohio does not. The law in Ohio, Ohio Rev. (H.B. 104), on the other hand, states that in the event of a privacy incident, individuals must be notified via written, electronic, telephone, or substitute notice.

Ah, the varying data breach law and notification differences from A to Z.

New Data Breach Regulations in 2021

Did you know that new data privacy regulations have already been introduced in the U.S. this year? We outline the latest changes taking place in Maryland, Missouri, and New Jersey, in Complex Data Breach Notification Requirements. The RadarFirst regulatory team monitors activity on bills and proposed regulations that, if passed, could impact breach notification obligations.

Currently, these states currently have proposed legislation: Iowa, Maryland, Michigan, Mississippi, Missouri, Nevada, New Jersey, New Hampshire, New York, North Carolina, Oklahoma, Oregon, Pennsylvania, Virginia, and Washington.

Expect to see more information soon about Virginia, which is set to become the second state to pass data privacy legislation similar to California’s CCPA, known as the Consumer Data Protection Act, with a bill that could become law as early as April 2021.

Tools Needed to Prepare for Privacy Incidents

Today’s privacy incidents have increased in complexity, especially with privacy incident response obligations growing and expanding. In 2020, the number of exposed records hit a high not seen since 2005, according to TechRepublic’s 2020 sees a huge increase in records exposed in data breaches. Consider this: an incident may not surface as a breach for months.

The best way to reduce breach response time is to be quick and consistent. Radar offers data breach solution software that automates risk scoring and can guide you through the full incident response lifecycle from discovery to notification.

RadarFirst’s Breach Law Radar is a good place to get free, smart, at-a-glance data breach information by region, helping you safely navigate the waters — so you’ll know more about who-what-where-and-when to notify. With so much time saved on incident response management, you’ll have time to visit the coastal tide pools!

Click here to see firsthand how the Radar Breach Guidance Engine™ can cut your incident response efforts in half.