{"id":47,"date":"2011-10-06T11:23:22","date_gmt":"2011-10-06T15:23:22","guid":{"rendered":"http:\/\/blogs.duanemorris.com\/techlaw\/?p=47"},"modified":"2014-09-11T10:56:16","modified_gmt":"2014-09-11T14:56:16","slug":"the-ever-expanding-data-breach-notification-laws","status":"publish","type":"post","link":"https:\/\/blogs.duanemorris.com\/techlaw\/2011\/10\/06\/the-ever-expanding-data-breach-notification-laws\/","title":{"rendered":"The Ever Expanding Data Breach Notification Laws\u2026"},"content":{"rendered":"<p>Just when you thought the state breach notification laws could not get more cumbersome, states continue to amend their breach notification laws in an effort to expand the content and reach of the notice.<\/p>\n<p><span style=\"text-decoration: underline\">Texas Amendment Requires Notification to Affected Residents in All 50 States<\/span><\/p>\n<p>Texas recently amended its data breach notification law by expanding the notification requirements to cover affected non-residents. Prior to the amendment, Texas required that entities conducting business in Texas notify residents when sensitive personal information was believed to have been acquired by an unauthorized person. <!--more-->The amended law, which becomes effective September 1, 2012, now requires notification to affected persons residing in all 50 states <span style=\"text-decoration: underline\">if<\/span> affected non-residents live in a state that does not already require notification of the data breach. The Texas amendment is a novel use of the state breach notification laws, essentially requiring national notification of the breach. Penalties are incurred if non-residents are not appropriately notified. The Texas law also expands state health privacy requirements, imposing further notification requirements for a breach of health information.<\/p>\n<p><span style=\"text-decoration: underline\">California Amendment Requires More Specificity in the Breach Letter<\/span><\/p>\n<p>California also recently amended its data breach notification law. Effective January 1, 2012, California requires greater specificity for breach notification letters, requiring information be disclosed about the type of information breached, the estimated dates of the breach, contact information for credit reporting agencies and whether notification was delayed due to law enforcement investigation. Businesses suffering a breach will also have to notify the California Attorney General if the breach affects more than 500 residents.<\/p>\n<p>The complicated and ever expanding requirements of each state\u2019s breach notification laws, as well as the HIPAA breach notification rules for health information, necessitate businesses to retain experienced counsel to appropriately address the unfortunate, but inevitable data breach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just when you thought the state breach notification laws could not get more cumbersome, states continue to amend their breach notification laws in an effort to expand the content and reach of the notice. Texas Amendment Requires Notification to Affected Residents in All 50 States Texas recently amended its data breach notification law by expanding &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blogs.duanemorris.com\/techlaw\/2011\/10\/06\/the-ever-expanding-data-breach-notification-laws\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;The Ever Expanding Data Breach Notification Laws\u2026&#8221;<\/span><\/a><\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[8,10,12,6,37],"ppma_author":[874],"class_list":["post-47","post","type-post","status-publish","format-standard","hentry","category-infotechtelecom","tag-data-breach","tag-jeskie","tag-privacy","tag-security","tag-security-breach"],"authors":[{"term_id":874,"user_id":26,"is_guest":0,"slug":"jeskie","display_name":"Sandra A. Jeskie","avatar_url":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-content\/uploads\/sites\/17\/2018\/01\/jeskiesandra-125x150.jpg","author_category":"","last_name":"Jeskie","first_name":"Sandra A.","job_title":"","user_url":"http:\/\/www.duanemorris.com\/attorneys\/sandraajeskie.html","description":"<a href=\"http:\/\/www.duanemorris.com\/attorneys\/sandraajeskie.html\">Read Sandra's bio.<\/a>"}],"_links":{"self":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts\/47","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/comments?post=47"}],"version-history":[{"count":0,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts\/47\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/media?parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/categories?post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/tags?post=47"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/ppma_author?post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}