Joseph Sullivan, Uber’s beleaguered former Chief Information Security Officer, was back in the news last month when he appealed his 2023 conviction for his role in concealing a 2016 breach of Uber’s network and customer data.
Data breaches have become a serious issue for businesses, leading to numerous putative class action lawsuits alleging that the defendants failed to prevent the unauthorized disclosure of personally identifiable information or protected health information of their employees or customers.
On October 1, Montana became the newest state with a comprehensive data privacy law, the Montana Consumer Data Privacy Act.
The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key provisions are as follows:
The State of Utah recently amended its general data breach notification statute to update the content that must be reported to the Utah Attorney General or the Utah Cyber Center. The amendments also clarify when notifications can be considered confidential or classified under the state’s public records law.
On April 17, Colorado Gov. Jared Polis (D) signed into law a bill that will extend privacy rights to individuals’ neural data. Although certain states have enacted privacy laws that include protection of sensitive and biometric data, Colorado’s law is the first that explicitly addresses neural data.
On April 6, the Maryland legislature passed the Maryland Online Data Privacy Act of 2024, sending the bill to the state’s governor for signing. The bill comes on the heels of the Kentucky Consumer Data Protection Act, which was signed into law on April 4. If the Act is signed into law, it will bring the number of states with comprehensive privacy laws to 16.
Data processing agreements are a standard part of business arrangements involving personal data due to the European Union’s General Data Protection Regulation as well as the ever-expanding number of U.S. consumer privacy statutes.
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
Subscribe
Contributors
- Suzie Allen
- John Babione
- Bert Bender
- Jason Cherry
- Christopher R. Deubert
- Maria Efaplomatidis
- Sebastian Fischer
- Laura Funk
- Lauren Godfrey
- Amir Goodarzi
- Taren N. Greenidge
- Chasity Henry
- Julie Hess
- Sean Hoar
- Donna Maddux
- David McMillan
- Ashley L. Orler
- Todd Rowe
- Melissa J. Sachs
- Allen Sattler
- Alyssa Watzman
- Aubrey Weaver
- Xuan Zhou