Jeff Kosseff, Meena Harris, and Caleb Skeath have a really nice recap of the year. It begins:
- Data Breaches
- Studies show increase. Amidst a flurry of high-profile breaches during 2014, several studies confirmed that data breaches as a whole have risen significantly over the past few years. The California Attorney General released a study showing a 28% increase in breaches in 2013 as compared to 2012. Another study, which examined the volume of data breaches during the first quarter of 2014, found an increase of 233% compared to the same time period in 2013.
- State laws. In April, Kentucky became the 47th state to enact a data breach notification law. Florida andIowa each amended their data breach notification laws in 2014 to, among other changes, enhance regulator notification requirements. California amended its data breach notice law to expand the types of information covered and to require certain companies to provide one year of free credit monitoring to affected individuals (although the statutory language on the latter point is subject to multiple interpretations).
- Federal legislation. Numerous data breach bills, including the Data Security Breach Notification Act of 2014 and the Personal Data Protection and Breach Accountability Act, were introduced in Congress, although none passed during 2014. The Senate Judiciary Committee, the Senate Commerce Committee, and the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, among others, held hearings during 2014 to discuss the need to address data breaches and the possibility of enacting federal legislation.
Read more on Covington & Burling InsidePrivacy.