Search Team

Search by Last Name
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

Articles

Managing State Security Breach Notification Laws

June 26, 2013

Articles

Managing State Security Breach Notification Laws

June 26, 2013

Back to News Listing
fr-teal-blank-600.jpg

Managing State Security Breach Notification Laws

This article appeared in Pharmaceutical Compliance Monitor, June 26, 2013, and is reproduced with permission.

No company is entirely immune from the possibility of a security breach. Computer hackers are using increasingly sophisticated techniques to access company systems. Some security experts believe the greatest risk comes from the inside – employees or former employees who access and use company data in ways they shouldn’t. The proliferation of mobile devices means there are more lost and stolen laptops, smartphones and external drives containing sensitive data.

Companies should have written protocols in place to address a security breach before a breach happens. Some companies determine they are not subject to the Health Insurance Portability and Accountability Act (HIPAA) and think they have no notification obligations in the event of a breach. However, even if a company is not subject to HIPAA, it must consider the state security breach notification laws. These laws apply to any type of organization, irrespective of location and type of business.

Forty-six states and the District of Columbia have security breach notification laws (and Texas’ law on its face covers residents in the four states that do not have a law). These laws generally require the owner of data to notify people when their name and certain personal information has been compromised. Although many of these laws contain similar elements, there are enough differences that each relevant law must be analyzed and followed when there is a breach.

Upon the suspicion or discovery of a breach, companies should consider the following questions and definitions that are common under many of the state laws:

Please read “Managing State Security Breach Notification Laws” for more about the questions companies should consider.

If you have any questions about this article or would like to discuss this topic further, please contact the author, Donna Balaguer, or your Fish & Richardson attorney.

 

Stay current with Fish Sign up for our Newsletter