Category: Computer and Software Law

Do business in Texas? New rules for data breach!

July 16, 2019  |  Carole Clark Isakson

California enacted the most comprehensive data privacy laws in the US – it goes into effect on January 1, 2020 (see The California Consumer Privacy Act recent blog post). In the meantime, other states are following suit. If you do business with individuals or companies outside Minnesota, make sure you are keeping up to speed with these new laws! Texas has amended the laws that apply to data breaches, this change applies on January 1, 2020. What is a data breach? Well, it can be slightly different from state to state, which is part of the challenge. In Texas, the law concerns sensitive personal information, which is defined as 1) an individual’s first name or first initial and last name in combination with SSN, driver’s license number or other specific account numbers that could permit access to an account and 2) which information is not encrypted. Disclosure of this information to someone that is not authorized to have it is a security breach, it’s that simple. And what happens then? Give notice to the affected persons within 60 days of discovery, and take other steps required by law (and good business practices). Texas has joined a growing group of states (roughly 30) that require that in the event of a data breach the…

Read More

The California Consumer Privacy Act – Be Prepared

July 8, 2019  |  Carole Clark Isakson

DOES IT APPLY TO YOU? Do you do business in California, or otherwise collect personal information from California residents? (Hint, if you operate a website, this likely applies to you). Note that the CCPA does not apply to non-profits. It has been a year since California passed the most comprehensive data privacy laws in the U.S., and those laws go into effect in January of 2020. Is your business ready for this??? Many have been waiting for amendments to pass, but as this hasn’t happened yet (and may not for many months) the time has come to make sure your business is in compliance. Even if it applies to you, the CCPA has some important exceptions, designed to keep small businesses exempt from what can be pretty significant compliance requirements. CCPA only applies to businesses that fall into one of these three categories: 1. Buys, sells or shares personal information of 50,000 consumers [or devices]; or 2. Has gross revenue in excess of $25 million; or 3. Derives 50{a0c01d20c42349884e67ff80c137866b0a9fe47aaae8f8a86a605a369ae487c3} of its annual revenue from sharing personal information Under the law a California “consumer” has the right to: (1) request access and details about the personal information that has been collected about him or her over the last year; (2) request that this data…

Read More

Does Your Company’s Board have Cybersecurity Expertise?

June 4, 2019  |  Carole Clark Isakson

“No”, you say, “they are great business people, and we have an IT department!”  That answer could cause you trouble. With all due deference to your IT department, it is quite possible that its expertise does not include the legal aspects of cybersecurity. It will no doubt ensure appropriate encryption and firewalls, but does it have the authority (or expertise) to advise you on data privacy laws and breach notification requirements? Can it develop compliant notices and work with your insurance company on any claims? It will know how to stop the breach (assuming it is an electronic one) but what then? Do not rely on your IT department to provide legal advice on cybersecurity. This is one of the many tasks that should be handled by your company management, including your board (if you have one). And what if the board fails to do this? Before answering that, consider the obligations of those who operate the company. Your company officers and board have the ultimate responsibility for running the company. Decisions are made based on the best available information at the time, and as long as this is true the individuals who run the company will generally be protected from claims by the company and its owners. This rule (called the “business…

Read More