With major consumer data breaches making headlines on a semi-regular basis, legislators around the country are starting to hold businesses more accountable for cybersecurity compliance. Industry-specific laws such as HIPAA and the Gramm-Leach-Bliley Act (GLBA) already establish federal data security standards for some companies, and the Federal Trade Commission has taken the position that failure to have reasonable security measures is a violation of the FTC Act (see our DataPoints post here).
From Massachusetts to New Mexico, a handful of state legislatures also have ...
In just two years, social media password protection has gone from a privacy advocate’s dream to an employer’s harsh reality in many states. Maryland became the first state (in 2012) to enact legislation that prevented employers from requesting the user names or passwords to an employee’s or applicant’s personal social media accounts. Two states quickly joined Maryland in 2012 by passing similar password privacy laws, and nine more states added privacy protections in 2013.
So far in 2014, six states – Louisiana, New Hampshire, Oklahoma, Rhode Island, Tennessee and ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.
Data Points: Privacy & Data Security Blog Updates
- The Consumer Financial Protection Bureau Stakes Out Its Enforcement Authority Over Unfair Information Security Practices
- Maryland Amendments to Data Security and Breach Notification Law
- The Devil Really is in the Details: The SEC Proposed Rule on Cybersecurity Risk Management for Investment Advisors, Registered Investment Companies and BDCs
- Will the U.S. Finally Pass Comprehensive Data Privacy Legislation?