Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements.

The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information

The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018.

The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name along with: a driver’s license number, Social Security number, financial account number, credit or debit card number (with a security code, expiry date or password that would allow the card to be used) or taxpayer identification number.
Continue Reading Maryland Data Breach Notification Law Updated: Effective 1/1/18