In 2003, California passed a groundbreaking data breach notification law. Since then, 47 states have passed breach notification laws, most modeled on California's law. As data collection has become more ubiquitous, technologies more advanced and consumer data more valuable, the definition of "personal information" within these laws has expanded to include things like login credentials, biometric information and health data. Emily Tabatabai, CIPP/E, CIPP/US, and Shea Leitch, CIPP/E, CIPP/US, write for Privacy Tracker about this trend, noting that it "will likely continue unabated as states seek to keep up with trends in cybersecurity and the threat landscape ... Persistent monitoring of new legislation will continue to be important, as legislative activity does not appear to be slowing down."
If you want to comment on this post, you need to login.