June 2019

Key Point: If signed by the Governor, the legislation will require entities doing business in New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of private information.

As it closed its session, the New York legislature passed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). The bill, which the New York Attorney General’s (“AG”) office strongly supports, is now at the governor’s office for review. New York AG Letitia James stated New York will join the “increasing number of states that require reasonable data security protections, while being careful to avoid excessive costs to small business and without imposing duplicate obligations under federal or state data security regulations.”

If Governor Cuomo signs the bill, New York will build upon its existing data breach notification law, and add a new requirement for data custodians in the private and public sectors to adopt reasonable measures to safeguard sensitive data of New York residents.

On July 11, Husch Blackwell’s privacy and data security practice group will host a webinar analyzing the Gramm-Leach-Bliley Act (GLBA) exemption in the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the following topics:

  • History of the CCPA’s GLBA exemption
  • Analysis of the GLBA’s definition of nonpublic personal information and relevant definitions from implementing

Key Point: The Illinois data breach notification statute will now require entities to notify the Illinois Attorney General if a breach affects 500 or more Illinois residents.

The Illinois General Assembly recently voted to approve an amendment to the state’s Personal Information Protection Act (“PIPA”) (815 ILCS 530/1 et seq.) with regards to companies’ and organizations’ obligations when a data breach occurs. Illinois Governor J.B. Pritzker is expected to sign the amendment into law.

In March we published an extensive analysis of proposed bills that would amend or supplement the California Consumer Privacy Act (CCPA). With a number of those bills having either passed the Assembly or been withdrawn , it is a good time to update our analysis.

In the below post, we identify and analyze these bills. In doing so, we first provide a summary of where the legislative process stands. We then analyze the most significant proposed changes and takeaways. Finally, we provide a table linking to each bill, identifying the issue to which it is directed, and providing an analysis of the bill’s proposed changes.

Over the next few months, Husch Blackwell’s privacy and data security blog will continue to track these bills. Register here to stay up-to-date.

The 86th Texas Legislature passed several bills related to cybersecurity during its regular session, which came to a close on May 27, 2019.

Texas Privacy Protection Advisory Council

HB 4390, which creates a Texas Privacy Protection Advisory Council to study privacy laws in Texas, other states, and relevant foreign jurisdictions, has been sent to the Governor for signature. Composed of members of the Texas House of Representatives, Texas Senate, and relevant industry members appointed by the Governor, the Council will be charged with recommending statutory changes regarding privacy and protection of information to the Legislature. The Council will expire on December 31, 2020.