Experienced business
attorney K. Todd Wallace comments on recent trend in data protection laws,
including changes to Louisiana law.
In a legal area with increasing regulatory oversight,
companies dealing with personal or sensitive information must keep up with the
latest development in data protection. Although
securing customer data and ensuring compliance with protection obligations is
obviously critical, another important aspect of data protection is ensuring
appropriate response in case of an actual data breach.
A company’s obligations in case of data breach is now
regulated by law in all 50 U.S. states and the District of Columbia. All states and DC now have data breach
notification laws on the books, requiring companies to timely notify consumers
of the breach. Furthermore, recent trends
continue toward expansion of information covered by these data protection and
strengthening of consumer protection.
The newly enacted General Data Protection Regulation (“GDPR”) in Europe is a major development in the field of data protection. GDPR is one of the most expansive data protection laws in the world. With the passage of GDPR and increasing public concern over data protection, many U.S. states are now strengthening their own data protection laws. Data protection laws in California and Vermont are some of the most stringent in the country. Furthermore, multiple states have amended their data protection laws in 2018, mostly expanding the scope of protected information and clarifying or adding obligations in case of a breach.
For example, Louisiana is one on the states that has amended its laws in 2018 to provide stronger protections. Act 382 strengthens protection for consumers with personal information in commercial database. The Act expands the scope of covered information to biometric data, such as fingerprints, voiceprints, retina scan, iris scan, and other biological identifying characteristics. The Act also requires prompt notice of a breach. If a database containing such information is breached, the company managing the database must notify the relevant authorities within 60 days.
The newly enacted General Data Protection Regulation (“GDPR”) in Europe is a major development in the field of data protection. GDPR is one of the most expansive data protection laws in the world. With the passage of GDPR and increasing public concern over data protection, many U.S. states are now strengthening their own data protection laws. Data protection laws in California and Vermont are some of the most stringent in the country. Furthermore, multiple states have amended their data protection laws in 2018, mostly expanding the scope of protected information and clarifying or adding obligations in case of a breach.
For example, Louisiana is one on the states that has amended its laws in 2018 to provide stronger protections. Act 382 strengthens protection for consumers with personal information in commercial database. The Act expands the scope of covered information to biometric data, such as fingerprints, voiceprints, retina scan, iris scan, and other biological identifying characteristics. The Act also requires prompt notice of a breach. If a database containing such information is breached, the company managing the database must notify the relevant authorities within 60 days.
Act 382 also has a rather wide scope of coverage. Not only does the act cover companies that
conduct business in Louisiana, it also covers entities that license or own
computerized data of personal information of Louisiana residents. Such “Subject Entities” must implement
reasonable security procedures and measures to guard against breaches,
destruction, use, modification, and disclosure.
Subject Entities must also ensure that personal information is destroyed
in a sufficient manner to make the information unreadable or
undecipherable. These changes mean that
businesses that fall under the scope of the law must take care to ensure that
their data protection practices meet the law’s requirements and that they have
a plan in place in case of any breach of personal information.
About K Todd Wallace
K Todd Wallace is an attorney and founding partner of the law firm Wallace Meyaski LLC. He has nearly 20 years of experience in the legal and business professions with established excellence in trial advocacy, negotiation, strategic and initiative planning, employment law compliance, government relations, mergers and acquisitions, and team building.
Website: https://ktoddwallace.com/
Law Firm Website: http://www.walmey.com/our-attorneys/k-todd-wallace/
Twitter: www.twitter.com - Todd Wallace@tarheeltodd94
News: https://hype.news/k-todd-wallace-attorney-in-new-orleans-louisiana-usa/
News: https://attorneygazette.com/kenneth-todd-wallace
Blog at: https://ktoddwallaceblog.blogspot.com/
K Todd Wallace is an attorney and founding partner of the law firm Wallace Meyaski LLC. He has nearly 20 years of experience in the legal and business professions with established excellence in trial advocacy, negotiation, strategic and initiative planning, employment law compliance, government relations, mergers and acquisitions, and team building.
Website: https://ktoddwallace.com/
Law Firm Website: http://www.walmey.com/our-attorneys/k-todd-wallace/
Twitter: www.twitter.com - Todd Wallace@tarheeltodd94
News: https://hype.news/k-todd-wallace-attorney-in-new-orleans-louisiana-usa/
News: https://attorneygazette.com/kenneth-todd-wallace
Blog at: https://ktoddwallaceblog.blogspot.com/
*** K. Todd Wallace is an attorney at Wallace Meyaski in New Orleans. He has nearly 20 years of experience in the legal and business professions with established excellence in trial advocacy, negotiation, strategic and initiative planning, government relations, mergers and acquisitions, and team building. See http://www.walmey.com/our-attorneys/k-todd-wallace/