Tag Archives: data breach notification bills

Data Privacy and Network Security Alert: More changes to state breach notification laws



The State of Vermont has substantially revised its data protection and breach notification law. The revisions to 9 V.S.A. Chapter 62 are summarized below:

  • The term “personally identifiable information” (PII) has been adopted and replaces the term “personal information” (PI).
  • A “security breach” is now defined as “unauthorized acquisition of electronic data or a reasonable belief of unauthorized acquisition of electronic data.”
  • The amendment also adds four factors for organizations to consider when determining whether PII has been acquired or is reasonably believed to have been acquired by an unauthorized person, including indications that the information:
Read full article

Data Privacy and Network Security Alert: A flurry of federal data security and data breach notification bills introduced into Congress

Recent high profile data breaches and increased attention to the protection of consumers’ personal information has intensified the momentum towards enactment of a federal data security and data breach notification law. Currently 46 states and the District of Columbia have enacted data breach notifications with drastically different requirements and policies. Within the last few months, Congress has been inundated with national data security bills outlining an organization’s obligations when it suffers a data breach. Unfortunately, the proposed federal bills would, in many instances, further complicate an entity’s obligations upon a breach.

Among the numerous federal data security bills introduced, the following four are most recent and significant:

Read full article