105k views
3 votes
Which state legislation requires companies to report security breaches within 48 hours

User Prattom
by
6.8k points

1 Answer

3 votes

Answer:

Database Security Breach Notification Act

Step-by-step explanation:

In the absence of federal action, states have been actively passing new and expanded requirements for privacy and cybersecurity.

While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach notification laws.

Illinois, Maine, Maryland, Massachusetts, New Jersey, New York, Oregon, Texas, and Washington have all amended their breach notification laws to either expand their definitions of personal information, or to include new reporting requirements.

States Privacy and cybersecurity.

• Illinois (SB 1624) – Illinois proposes notification requirements to the Attorney General

• Maine (LD 946) – Maine places new restrictions on internet service providers (ISPs)

• Maryland (HB 1154) – Maryland imposes new requirements on entities following a security breach

• Massachusetts (HB 4806) – Massachusetts expands data breach notification obligations

• New Jersey • (S. 52) – New Jersey expands the definition of personal information and modifies notification standards

• New York (SB5575B)- New York expands the scope of protection under the law and establishes standards for businesses to protect consumer information

• Oregon (SB 684) – Oregon expands the scope of protected data and notification requirements for vendors

• Texas (HB 4390) – Texas adds definitive notification timeline and establishes an advisory council

• Washington (HB 1071) – Washington expands the definition of personal information and sets new notification requirements

March 1, 2020, the definition of “personal information” is expanded to include more categories.

Businesses may send breach notifications by email, unless the breach involves the credentials associated with that email account.

User Lordstyx
by
6.5k points