New Rhode Island data security law takes effect July 2

June 22, 2016 0 COMMENTS

by Timothy C. Cavazza and Matthew H. Parker

The Rhode Island Identity Theft Protection Act of 2015 will take full effect on July 2, meaning employers need to have their data security and notification policies in compliance or face serious financial consequences if even one data breach occurs.

The new law applies to employers and municipal agencies. It requires that any person or entity in Rhode Island that stores, collects, processes, maintains, acquires, uses, owns, or licenses “personal information” about a Rhode Island resident to “implement and maintain a risk-based information security program [that] contains reasonable security procedures and practices appropriate [for] the size and scope of [the] organization, the nature of the information[,] and the purpose for which the information was collected.”

read more…

New Oregon data security law takes effect January 1

December 16, 2015 0 COMMENTS

by Joanna Perini-Abbott

Oregon’s expanded data breach law will take effect January 1, making two significant changes to the old law—a notification requirement and a change in the definition of “personal information.”  Lock that Data Down

Like the old law, the new law requires businesses that maintain personal information digitally, including information about employees, to notify Oregon residents whose electronically stored information has been compromised as soon as the breach is discovered.

read more…

New Florida law offers employers protection against hackers

September 28, 2015 0 COMMENTS

by Lisa Berg

Effective October 1, Florida business owners will have a new civil remedy in the event they’re harmed by unauthorized access to their computers or information stored on protected computers.

Under Florida’s Computer Abuse and Data Recovery Act (CADRA), businesses can pursue a civil action for “harm or loss” suffered as a result of unauthorized access to “protected computers.”

read more…