Category Archives: Data Security

States Continue to Upgrade Data Privacy Laws – A Look at North Carolina

A recent Security Breach Report published by the North Carolina Attorney General’s Office provides a snapshot of the various data security threats currently riling the state’s public and private sectors.  Since 2006, the year North Carolina businesses and government entities became statutorily obligated to report breaches to the Attorney General’s Office, reported data breaches have skyrocketed from 86 to over one thousand.  In turn, the number of affected consumers has increased ten-fold from 500,000 to well over 5 million during that same period. … More

Cybersecurity 2018 – The Year In Preview: State Enforcement Trends

As state Attorneys General continue to flex their muscles in response to serious data security lapses nationwide, patchwork enforcement continues.  Strategies employed by state Attorneys General in response to nationwide data breaches are as diverse as the profusion of data security threats alarming consumers on a daily basis.  The recent Equifax data breach offers a prime example.  The disparate reactions of Massachusetts, California, Texas and New York reflect the various tools at the disposal of state AGs in the increasingly difficult struggle to protect consumer information,… More

Cybersecurity 2018 – The Year in Preview: HIPAA Compliance

Like many things in Washington, the HIPAA landscape in 2018 will be shaped by the shifting priorities of President Trump’s new administration.  Early signs point to less funding for the Office of Civil Rights (“OCR”) within the Department of Health and Human Services, which is responsible for enforcing HIPAA.  This is likely to lead to fewer enforcement actions, but not necessarily less aggressive enforcement within those actions,… More

The Massachusetts Attorney General’s Complaint Against Equifax

As most are aware, the Massachusetts Attorney General has won the race to the courthouse and been the first regulator to file suit against Equifax.

  • The 28 page complaint is summed up on paragraph 4:Consumers do not choose to give their private information to Equifax, and they do not have any reasonable manner of preventing Equifax from collecting, processing, using, or disclosing it. Equifax largely controls how,…
  • More

CyberOhio Initiative – An Update from the Ohio AGO

We recently posted on the Ohio Attorney General’s CyberOhio initiative and forecasted that the Ohio Attorney General might be the first of many Attorneys General to join forces with industry in the struggle to protect consumer information.  Ohio Deputy General Counsel Craig Rapp, Director of CyberOhio, contacted our blog not only to agree with our prediction, but also to shed more light on what is transpiring in his state. … More

Friend or Foe? State Attorneys General Start to Change Their Tune on Industry & Cybersecurity

Should businesses be thought of as victims or bad actors when it comes to data breaches?  State attorneys general are embracing the idea that businesses are not necessarily adversaries in the struggle to protect sensitive consumer information.  Over the past several years state attorneys general have exerted efforts to both educate businesses as to their data privacy responsibilities, and collaborate with businesses in constructing more robust cybersecurity policies.  The spotlight now is on the Ohio Attorney General,… More

The Future of Data Privacy Regulation in Massachusetts? AG’s Office Foreshadows State Action on Consumer Data in First-of-its Kind Conference

What is the future of data privacy regulation in Massachusetts?

On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society, and MIT’s Internet Policy Research Initiative and Computer Science and Artificial Intelligence Laboratory, the AG’s Office convened a “Forum on Data Privacy.”  In this first-of-its-kind conference,… More

COPPA, Meet DOPPA – AG Action Leads to New Child-Protection Data Privacy Laws

Delaware Attorney General Matt Denn is serious about online privacy, and aims to make Delaware “the safest state in America for kids to use the internet.” This August, Delaware Governor Jack Markell signed into law four online privacy bills drafted by the Attorney General, the most substantial of which is the Delaware Online Privacy and Protection Act.

DOPPA goes further than its federal cousin,… More

“Aloha” Means Cybersecurity, Consumer Multistates, and Swimming with Turtles at Conference of Western Attorneys General

Attorneys General, meeting at the Conference of Western Attorneys General (“CWAG”) on Maui recently, tackled as usual a range of issues from the Rule of Law, an ongoing and important initiative with Mexican police, prosecutors and businesses, to EPA regulatory actions. Through daily multiple panels and Q & A, AGs of several terms’ experience and some still within their first six months of service rubbed shoulders with federal regulators from the FTC as well as the Chief Information Security Officer from Comcast and the General Counsel from LexisNexis.… More

House Subcommittee Wants a Common Floor; Massachusetts Attorney General Warns Against a Low Ceiling

According to its sponsor, Michael Burgess (R-TX), the goal of the Data Security and Breach Notification Act of 2015 is “a single, federal standard on data security and breach notification.” The Act was approved by the House Subcommittee on Commerce, Manufacturing, and Trade, of which Rep. Burgess is Chair, on March 25, 2015. The Act would create federal standards for securing personal information, as well as for investigating and reporting breaches.… More