State data privacy laws Archives - IT Governance USA Blog

What is a Data Breach and How Do You Handle One?

Luke Irwin September 15, 2022

A data breach is a type of security incident that leads to the accidental or unlawful destruction, loss, alteration, authorized disclosure of, or access to, sensitive information. These incidents occur when personal information is mishandled, whether through malicious intent, carelessness, …

[Continue Reading...]

U.S. Companies Don’t Comply with Privacy Laws, but That is About to Change

William Gamble May 19, 2022

This is a guest article by IT Governance USA GDPR Consultant William Gamble. I am one of the few lawyers with an advanced certification in cybersecurity. I help organizations identify and comply with relevant cybersecurity and privacy laws. Four years …

[Continue Reading...]

Inside Congress’s ‘Game-changing’ Incident Response Legislation

William Gamble April 20, 2022

Last month, the U.S. Congress passed the CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022), which requires organizations involved in critical infrastructure to report cybersecurity incidents within 72 hours. Jen Easterly, the head of the CISA (Cybersecurity and …

[Continue Reading...]

Understanding the U.S.’s data service laws

William Gamble January 20, 2022

The United States was once the leader in creating rules curtailing fraud on stock exchanges. One of its most famous rules, Rule 10-b5 codified at 17 CFR 240.10b-5, was created in the 1940s and prohibits acts or omissions resulting in …

[Continue Reading...]

What are your SEC reporting requirements for cybersecurity incidents?

William Gamble October 21, 2021

The odds of an organization experiencing a cyber security breach are about 30% in any two-year period. A cybersecurity breach can have major, sometimes catastrophic, effects – on an organization’s reputation and even the cost of debt. This makes responding …

[Continue Reading...]

Understanding data privacy in the United States

Luke Irwin July 28, 2021

Data privacy laws in the United States are notoriously tricky. There are a patchwork of industry-specific federal laws and state legislations whose scope and jurisdiction vary. And to complicate matters further, each state has its own requirements for disclosing security …

[Continue Reading...]

Cyber compliance checklist for businesses

Preston Bukaty November 24, 2020

Do you operate in Massachusetts? Do you regularly process the personal information of people in the state? If so, you may be aware of a law dating back to 2010 that requires that “every person that owns or licenses personal …

[Continue Reading...]

California votes to replace the CCPA with the CPRA

Preston Bukaty November 10, 2020

The U.S. Presidential election has left voters grasping for certainty when it comes to executive leadership. What is clear is that voters in California have overwhelmingly approved Proposition 24, also known as the CPRA (California Privacy Rights Act). The CPRA …

[Continue Reading...]

Hacked: Minnesota Department of Human Services – Phishing Attack

espellman February 7, 2019

The Minnesota DHS (Department of Human Services) announced that an employee’s email account was accessed by criminal hackers last September.The phishing attack may have exposed the PII (personable identifiable information) of about 3,000 people within its Children and Family Services …

[Continue Reading...]