DATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL
|
|
- Sibyl Harmon
- 8 years ago
- Views:
Transcription
1 DATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL State AGs have been very active in the leadership of data privacy protection initiatives across the country, and have dedicated considerable time and resources to the issue. Indeed, the National Association of Attorneys General has recently made the issue of consumers data privacy the core theme of their annual Presidential Initiative Summit twice ( Privacy in the Digital Age for the summit and Protecting Our Digital Lives: New Challenges for Attorneys General for ) and many states, including California, Connecticut, Indiana, and Massachusetts, have established task forces or specialized branches within their AGs offices, dedicated solely to data privacy investigation and enforcement efforts. The retail industry has been at the center of much of this thought leadership and regulatory consideration, as well publicized data breaches at companies such as Target and Home Depot have made front page news. The statistics may justify this heightened scrutiny on the retail industry s data privacy practices. In 2013, 26% of all data breaches reported to the California AG s office came from the retail sector. These breaches resulted in the exposure of 15.4 million records, accounting for 84% of the total records breached in the state of California. This was the second year in a row that the retail section was the largest contributor of data breaches. It is clear that consumers data privacy issues are directly in the crosshairs of AGs across the United States and this target will not be shifting in the foreseeable future. Therefore, companies that deal with such consumer data, particularly those in the retail industry, are well advised to keep apprised of the enforcement efforts and trends coming the state AG s offices. State AGs Enforce Data Privacy Legislation Unique to Each State Each state approaches data security regulations in its own way, requiring companies to be aware of the unique requirements of the various states from which their customers reside. Currently, every state, save for Alabama, New Mexico, and South Dakota, has a state data breach statute [NOTE THIS LINK GOES TO THE BAKER STATE BY STATE SURVEY] to be enforced by the state s AG. In addition to regulating the responses to data breaches, many states demand that affirmative security requirements be in place to protect personal information. The bulk of these affirmative security requirements demand that states utilize reasonable security procedures to safeguard the sensitive data. For example, California requires entities to implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. Cal Civ Code (b)(emphasis added). The California statute goes on to require that businesses disclosing personal information to a third party must contractually obligate that third party to implement and maintain reasonable security procedures and to properly dispose of records containing personal information when disposal is needed. Similarly, section of Texas s Business and Commerce Code states a business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. Tex. Bus. & Com.
2 Code (emphasis added). Other states with similar provisions affirmatively mandating that security measures be implemented and maintained include Arkansas (Ark. Code Ann (a & b)), Colorado (Colo. Rev. Stat. Ann ), Connecticut (Conn. Gen Stat (a)), Maryland (MD. Commercial Law Code Ann ), Nevada (Nevada Rev. Stat. 603A.210), Oregon (Oregon Rev. Stat. 646A.622), Rhode Island (Rhode Island Stat.; (3)), and Utah (Utah Code Ann ). Typically, entities subject to these provisions rely upon industry best practice to determine what is considered reasonable. Massachusetts has gone further than mandating that reasonable measures be put in place and maintained, and instead demands specific practices of entities collecting and using its residents personal information. If an entity handles a Massachusetts resident s personal information, under 201 CMR 17.00, that entity must establish an information security program which must include: Secure user authentication protocols including: (a) control of user IDs and other identifiers; (b) a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices; (c) control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect; (d) restricting access to active users and active user accounts only; and (e) blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system; Secure access control measures that: (a) restrict access to records and files containing personal information to those who need such information to perform their job duties; and (b) assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with computer access, that are reasonably designed to maintain the integrity of the security of the access controls; Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly; Reasonable monitoring of systems, for unauthorized use of or access to personal information; Encryption of all personal information stored on laptops or other portable devices; For files containing personal information on a system that is connected to the Internet, there must be reasonably up to date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information; Reasonably up to date versions of system security agent software, which must include malware protection and reasonably up to date patches and virus definitions, or a version of such software that can still be supported with up to date patches and virus definitions, and is set to receive the most current security updates on a regular basis; and Education and training of employees on the proper use of the computer security system and the importance of personal information security. Violations of these regulations can result in penalties up to $5,000 for each violation affecting a Massachusetts resident, along with injunctive relief, attorneys fees and the reasonable costs of
3 investigation and litigation. Further, entities subject to this statute must further ensure that their third party service providers comply with these regulations. Massachusetts is not alone in enacting robust data security legislation to be enforced by its AG. Indeed, protecting the Californians privacy rights is noted as one of the California AG s top priorities. California was the first state to enact data breach legislation back in 2002, and is continuously on the forefront of data privacy legislative efforts. Key legislation that is subject to the AG s enforcement efforts include: The "Shine the Light" law (CA Civil Code ), which outlines procedures for companies to follow when a California resident requests to know what of their personal information has been shared with third parties, as well as specific language that companies doing business with California residents (regardless of the company s location) must include in their privacy policies. The Security Breach Notice requirements (Cal. Civ. Code , , and ), which requires businesses, state agencies, and local government agencies that experience a breach, or the reasonable expectation that there has been a breach, to issue notices containing specific information about the breach to those impacted individuals. AB 1710, which amended California s data breach laws to require that businesses that offer identity theft protection services, to provide those services at no charge and for at least 12 months. In addition to enforcing these privacy statutes, the California state AG s office regularly issues best practice guidance and other pieces of thought leadership, which in turn demonstrates the AG s enforcement priorities and concerns. Key areas of concern for the California AG include: Ensuring that operators of commercial web sites and online services that collect personally identifiable information create, maintain, and publish accurate privacy policies that comply with the requirements of the California Online Privacy Protection Act of Protecting children s information online through compliance with the Children s Online Privacy Protection Act. Policing privacy concerns arising with the increasing prevalence of mobile apps. State AGs across the country have been very active in the data privacy space. For example, the AGs of New York and Washington have recently pushed for updates to their respective states data privacy legislation, the AG of Illinois has called on Congress to enact a national data breach notification law, the Connecticut AG publicly sought meetings with leading companies to discuss privacy concerns about new products, and AGs across the country have regularly joined forces with each other to investigate breaches. Examples of Enforcement Efforts by State AGs Joint State AGs Enforcement Activity:
4 Zappos.com In January 2015, Zappos, an online clothing and shoe realtor settled a 2012 hacking breach with nine AGs representing Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, North Carolina, Ohio, and Pennsylvania. The no fault assurance of voluntary compliance resulted in a monetary payment from Zappos to the AGs and Zappos assurance of complying with a set of data security obligations ranging from providing reports of compliance with certain privacy regulations to having an independent audit conducted and establishing annual information security training to relevant employees. Home Depot, Inc. In September 2014, Home Depot announced that hackers had compromised the company s computer network, noting that they had no evidence that debit card PIN numbers had been compromised. The day after Home Depot s announcement, the AGs of California, Connecticut, and Illinois announced that they would be jointly leading an investigation, with regulators in Iowa and New York also participating. ebay, Inc. In February and March of 2014, online auction giant, ebay, experienced a large scale cyberattack that may have affected tens of millions of users, possibly over one hundred million users. In response, multiple state AGs have announced their interest in the breach and ebay s response, with the AGs of Connecticut, Florida, and Illinois stepping into the lead role for the investigation. Target Corporation After Target announced in December 2013 that hackers had gained access to at the personal information of at least 70 million customers, state AGs have taken the lead in conducting an investigation (though the FTC has announced that it has also initiated an investigation into the retail giant). Multiple states are actively engaged in this ongoing investigation, with the AGs of Connecticut, Illinois, and New York taking the lead. Neiman Marcus Group Ltd. LLC Following on the heels of the massive Target data breach, in January 2014, Neiman Marcus revealed that its systems had being hacked and consumer data had been exposed to intruders. State AGs immediately took notice of this breach, with the AGs of Connecticut and Illinois announcing that they would lead the investigations. LivingSocial Inc. In April of 2013, LivingSocial, a daily deals website, revealed that hackers had gained access to the personal information of its 50 million customers, which includes about 29 million American users. In May of that year, the Connecticut and Maryland AGs publicly initiated an investigation into the breach via a letter requesting Living Social to submit detailed information concerning the breach, the privacy systems in place, and the company s response to the breach. TJX Companies, Inc. In June 2009, TJX Companies, Inc. entered into a settlement agreement with 41 state AGs to resolve a massive security breach that lasted from 2005 to 2007 (this settlement is independent from the settlement the company reached with the FTC). Through this breach, it is believed that intruders gained access for hundreds of millions of debit and credit cards. The terms of the settlement require that TJX pay the states $9.75 million and implement an updated information security program. Individual State AG Enforcement Activity:
5 TD Bank The Massachusetts AG announced in December 2014 that a settlement was reached with TD Bank addressing a data breach whereby the bank lost back up tapes containing sensitive personal data for over 90,000 Massachusetts customers as well as the bank s failure to timely notify the AG s office and the impacted Massachusetts customers of the breach. The AG asserted that TD Bank initiated an internal investigation when it discovered the lost tapes, but failed to issue notices as required until about eight months after the discovery. The terms of the settlement include a payment of $825,000 by TD Bank, as well as assurances of future compliance with relevant Massachusetts laws regarding data security. Aaron s Inc. In October 2014, the California AG announced a $28.4 million settlement with the rent to own giant, to resolve the California AG s allegations that Aaron s Inc. violated the California rent to own law by engaging in improper billing practices and California data privacy law by permitting its franchised stores to install spyware onto computers rented to its customers which allowed the franchised stores to monitor the physical location of the computer, track keystrokes, and capture screenshots. Snapchat, Inc. In June 2014, the Maryland AG announced a settlement with mobile app company, Snapchat, for alleged deceptive trade practices and violations of COPPA. When announcing the settlement, the Maryland AG noted that "[c]ompanies that operate on the Internet or on mobile devices, especially those popular among youth, have a responsibility to protect their users' privacy and to be up front about what personal information they collect and the permanency of uploaded files." The settlement dictates that while Snapchat accepts no liability for any of the allegations of wrongdoing, it shall pay $100,000 to the state, in addition to undertaking various compliance efforts to ensure adherence to all relevant regulations. Kaiser Foundation Health Plan, Inc. In February 2014, Kaiser agreed to a stipulated final judgment following the California AG s filing a complaint the month before, charging the company violated the California code by failing to prevent a data breach and subsequently failing to timely notify the compromised individuals. The California AG charged that following the discovery at a thrift store of an unencrypted USB drive containing over 20,000 employee records, Kaiser spent the following 6 months conducting an internal investigation before it began to notify the affected individuals. The final judgment ordered Kaiser to pay a total of $150,000 and to update its data security practices including by providing notification of any future breach on a rolling basis (meaning that the company is ordered to provide notice as soon as is reasonably possible after identifying a portion of the total individuals affected by the breach, and then to continue to notify individuals as they are identified throughout and until the completion of the investigation). Shelburne Country Store In January 2014, Shelburne Country Store was notified of a data security breach to its website that had occurred in While the company promptly repaired the breach, it failed to notify the 721 individual customers who had used the website to process 770 credit card payments, until the Vermont AG notified the store of its obligation to provide notice. Following this violation, the Vermont AG fined Shelburne Country Store $3,000, and required the company to adopt new information security and legal compliance programs.
6 Natural Provisions, Inc. In September 2013, the Vermont AG announced a settlement with Natural Provisions, a health foods grocery chain, which included a penalty to the state and a requirement to upgrade the company s security systems following the chain s failure to comply with the Vermont breach response legislation. PulsePoint In July 2013, the New Jersey AG announced a $1 million settlement with PulsePoint, an online advertising company, after determining that the company had improperly placed cookie on consumers computers that would bypass the security settings of web browsers and allow third party advertisers to target ads based on the consumers online habits. The settlement further required PulsePoint to implement privacy controls and procedures, have an independent party conduct privacy audits over the course of 5 years, among other obligations. Schnuck Markets Inc. Following the March 2013 announcement of a data security breach caused by a cyberattack, the Missouri AG investigated the grocery chain for several months. Although the attack compromised 2.4 million payment cards used in 79 stores, the Missouri AG ultimately determined that Schnucks did not violate the Missouri data security laws, but was, in fact, a victim itself.
DATA BREACH CHARTS (Current as of December 31, 2015)
DATA BREACH CHARTS (Current as of December 31, 2015) The charts below provide summary information about data breach notification statutes across the country. California adopted the first data breach notification
More informationIDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA 02110 Richmond, Virginia 23219 Tel. (617) 502.8238 Tel. (804) 783.7579
IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS Daniel J. Blake, Esq. Vijay K. Mago, Esq. LeClairRyan, A Professional Corporation LeClairRyan, A Professional Corporation One International Place, Eleventh Floor
More informationMassachusetts Adopts Strict Security Regulations Governing Personal Information LISA M. ROPPLE, KEVIN V. JONES, AND CHRISTINE M.
Massachusetts Adopts Strict Security Regulations Governing Personal Information LISA M. ROPPLE, KEVIN V. JONES, AND CHRISTINE M. SANTARIGA Establishing itself as a leader in the data security area, Massachusetts
More informationExhibit B. State-By-State Data Security Overview
Exhibit B State-By-State Data Security Overview Michele A. Whitham Partner, Founding Co-Chair Security & Privacy Practice Group Foley Hoag LLP 155 Seaport Boulevard Boston, MA 02210 State Statute Citation
More informationData Breach Notification: State and Federal Law Requirements. Good News
Data Breach Notification: State and Federal Law Requirements Donna Maassen, CHC Director of Compliance Extendicare Health Services, Inc. & Andrew G. Conkovich, CHC Director of Regulatory Affairs & Compliance
More informationProtecting Social Security Numbers
Protecting Social Security Numbers: Federal Legislation in Sight STEVEN C. BENNETT, MAURICIO F. PAEZ, and Gwendolynne Chen Due to an alarming increase in identity theft crimes, a bipartisan bill, Protecting
More informationPayment Processing Guidance. 2013 Edition
PAYMAXX PRO, LLC Payment Processing Guidance 2013 Edition This document provides thought leadership on payment processing to new or existing merchants who accept credit/debit card or ACH payments. This
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationMassachusetts Identity Theft/ Data Security Regulations
Massachusetts Identity Theft/ Data Security Regulations Effective March 1, 2010 Are You Ready? SPECIAL REPORT All We Do Is Work. Workplace Law. In four time zones and 45 major locations coast to coast.
More informationUpdates on HITECH and State Breach Notification and Security Requirements Robin Campbell
Who s Afraid Of A Big Bad Breach?: Updates on HITECH and State Breach Notification and Security Requirements Robin Campbell Overview Identifying the laws that protect personal information and protected
More informationChex Systems, Inc. does not currently charge a fee to place, lift or remove a freeze; however, we reserve the right to apply the following fees:
Chex Systems, Inc. does not currently charge a fee to place, lift or remove a freeze; however, we reserve the right to apply the following fees: Security Freeze Table AA, AP and AE Military addresses*
More informationTJ Maxx Settlement Requires Creation of Information Security Program and Funding of State Data Protection and Prosecution Efforts
Litigation Privacy & Data Protection Global Sourcing July 1, 2009 TJ Maxx Settlement Requires Creation of Information Security Program and Funding of State Data Protection and Prosecution Efforts by Tara
More informationImpacts of Sequestration on the States
Impacts of Sequestration on the States Alabama Alabama will lose about $230,000 in Justice Assistance Grants that support law STOP Violence Against Women Program: Alabama could lose up to $102,000 in funds
More informationTape Vaulting Audit And Encryption Usage Analysis
Tape Vaulting Audit And Encryption Usage Analysis Prepared for Public Presentation (includes SB 1386, Gramm Leach Bliley, and Personal Data Protection and Security Act of 2005 Customer Information Protection
More informationVideo Voyeurism Laws
Video Voyeurism Laws Federal Law Video Voyeurism Prevention Act of 2004, 18 U.S.C.A. 1801. Jurisdiction limited to maritime and territorial jurisdiction, or federal property including but not limited to
More informationACE Advantage PRIVACY & NETWORK SECURITY
ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with
More informationPublic School Teacher Experience Distribution. Public School Teacher Experience Distribution
Public School Teacher Experience Distribution Lower Quartile Median Upper Quartile Mode Alabama Percent of Teachers FY Public School Teacher Experience Distribution Lower Quartile Median Upper Quartile
More informationDesignation of employee(s) in charge of the program; Identifying and assessing risks/threats and evaluating and improving
PRIVACY & DATA SECURITY LAW JOURNAL MASSACHUSETTS On September 22, 2008, Massachusetts adopted regulations that will require businesses, wherever located, that own, license, store, or maintain information
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationImagine discovering at the end of the day that your wallet is missing. Your driver s license, credit cards
EMPLOYMENT LAW Update Data Security Breaches: Are Your Human Resources Policies Equipped to Avoid and/or Repair the Damage? By Daniel Klein, Esq. INTRODUCTION Imagine discovering at the end of the day
More informationProtecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)
Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting
More informationState Income and Franchise Tax Laws that Conform to the REIT Modernization Act of 1999 (May 1, 2001). 1
State Income and Franchise Tax Laws that Conform to the REIT Modernization Act of 1999 (May 1, 2001). 1 1. Alabama does not adopt the Code on a regular basis but instead specifically incorporates only
More informationComparison of US State and Federal Security Breach Notification Laws. Current through August 26, 2015
Comparison of US State and Federal Security Breach Notification Laws Current through August 26, 2015 Alaska...2 Arizona...6 Arkansas...9 California...11 Colorado...19 Connecticut...21 Delaware...26 District
More informationThree-Year Moving Averages by States % Home Internet Access
Three-Year Moving Averages by States % Home Internet Access Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Florida Georgia Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana
More informationNON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST
NON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST ** Utilize this list to determine whether or not a non-resident applicant may waive the Oklahoma examination or become licensed
More informationMAINE (Augusta) Maryland (Annapolis) MICHIGAN (Lansing) MINNESOTA (St. Paul) MISSISSIPPI (Jackson) MISSOURI (Jefferson City) MONTANA (Helena)
HAWAII () IDAHO () Illinois () MAINE () Maryland () MASSACHUSETTS () NEBRASKA () NEVADA (Carson ) NEW HAMPSHIRE () OHIO () OKLAHOMA ( ) OREGON () TEXAS () UTAH ( ) VERMONT () ALABAMA () COLORADO () INDIANA
More informationNavigating the New MA Data Security Regulations
Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became
More informationHigh Risk Health Pools and Plans by State
High Risk Health Pools and Plans by State State Program Contact Alabama Alabama Health 1-866-833-3375 Insurance Plan 1-334-263-8311 http://www.alseib.org/healthinsurance/ahip/ Alaska Alaska Comprehensive
More informationJanuary 2007. An Overview of U.S. Security Breach Statutes
January 2007 An Overview of U.S. Security Breach Statutes An Overview of U.S. Security Breach Statutes Jeffrey M. Rawitz and Ryan E. Brown 1 This Jones Day White Paper summarizes what is generally entailed
More informationNet-Temps Job Distribution Network
Net-Temps Job Distribution Network The Net-Temps Job Distribution Network is a group of 25,000 employment-related websites with a local, regional, national, industry and niche focus. Net-Temps customers'
More informationSUPERIOR COURT OF THE STATE OF CALIFORNIA COUNTY OF SAN DIEGO
EDMUND G. BROWN JR. Attorney General of California FRANCES T. GRUNDER Senior Assistant Attorney General CATHERINE Z. YSRAEL Supervising Deputy Attorney General State Bar No. 1 1 West A Street, Suite 10
More informationMONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationExpanding Your Business Through Franchising What Steps You Need to Take to Successfully Franchise Your Business. By Robert J.
Expanding Your Business Through Franchising What Steps You Need to Take to Successfully Franchise Your Business By Robert J. Steinberger What is a Franchise? California Corporation Code Section 31005.
More informationResponding to New Identity Theft Laws
Responding to New Identity Theft Laws March 2011 Privacy Expectations Today, there is increasing recognition that an individual has a legitimate interest in controlling the collection, use and disclosure/dissemination
More informationClient Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00
Client Advisory October 2009 Data Security Law MGL Chapter 93H and 201 CMR 17.00 For a discussion of these and other issues, please visit the update on our website at /law. To receive mailings via email,
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationState-Specific Annuity Suitability Requirements
Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Effective 10/16/11: Producers holding a life line of authority on or before 10/16/11 who sell or wish to sell
More informationWorkers Compensation State Guidelines & Availability
ALABAMA Alabama State Specific Release Form Control\Release Forms_pdf\Alabama 1-2 Weeks ALASKA ARIZONA Arizona State Specific Release Form Control\Release Forms_pdf\Arizona 7-8 Weeks by mail By Mail ARKANSAS
More informationNational Credit Union Administration. Tips to Safely Conduct Financial Transactions Over the Internet
National Credit Union Administration Tips to Safely Conduct Financial Transactions Over the Internet NCUA 8061 January 2007 Introduction As use of the Internet continues to expand, more credit unions are
More informationConfirm that an on-line credit union is legitimate and that your share deposit is insured; Keep your personal information private and secure;
Introduction As use of the Internet continues to expand, more credit unions are using it to offer products and services or otherwise enhance communications with members. The Internet offers the potential
More informationEnglishinusa.com Positions in MSN under different search terms.
Englishinusa.com Positions in MSN under different search terms. Search Term Position 1 Accent Reduction Programs in USA 1 2 American English for Business Students 1 3 American English for Graduate Students
More informationMandatory Reporting of Child Abuse 6/2009 State Mandatory Reporters Language on Privilege Notes Alabama
Alabama any other person called upon to render aid to any child ALA. CODE 26-14-10 Alaska ALA. CODE 26-14-3(a) paid employees of domestic violence and sexual assault programs, and crisis intervention and
More informationCommission Membership
Multistate Tax Commission Update Joe Huddleston Executive Director 2008 Federation of Tax Administrators Annual Meeting Philadelphia, Pennsylvania Commission hip As of July 1, 2007 Compact Sovereignty
More informationModel Regulation Service January 2006 DISCLOSURE FOR SMALL FACE AMOUNT LIFE INSURANCE POLICIES MODEL ACT
Table of Contents Section 1. Section 2. Section 3. Section 4. Section 5. Section 6. Section 1. Model Regulation Service January 2006 Purpose Definition Exemptions Disclosure Requirements Insurer Duties
More informationDelivery of Recording Laws: Are Established Business Relationship Calls Exempt from Federal and State Bans 1?
Delivery of Recording Laws: Are Established Business Relationship Calls Exempt from Federal and State Bans 1? Jurisdiction Federal-TCPA (47 USC 227; 47 CFR 64.1200) Federal-TSR (effective until Sept. 1,
More informationLicensure Resources by State
Licensure Resources by State Alabama Alabama State Board of Social Work Examiners http://socialwork.alabama.gov/ Alaska Alaska Board of Social Work Examiners http://commerce.state.ak.us/dnn/cbpl/professionallicensing/socialworkexaminers.as
More informationNAIC ANNUITY TRAINING Regulations By State
Select a state below to display the current regulation and requirements, or continue to scroll down. Light grey text signifies states that have not adopted an annuity training program. Alabama Illinois
More informationIN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ) ) ) ) ) ) ) ) ) ) ) ) ) ) CONSENT JUDGMENT
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA UNITED STATES OF AMERICA, et al., v. Plaintiffs, HSBC NORTH AMERICA HOLDINGS INC., et al., Defendants. ) ) ) ) ) ) ) ) ) ) ) ) ) ) Civil
More informationFalse Claims Act Regulations by State
False Claims Act Regulations by State Under the False Claims Act, 31 U.S.C. 3729-3733, those who knowingly submit, or cause another person or entity to submit, false claims for payment of The purpose of
More informationBEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION
BEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION NOTICE: INSURING AGREEMENTS I.A., I.C., I.D. AND I.F. OF THIS POLICY PROVIDE COVERAGE
More informationA-79. Appendix A Overview and Detailed Tables
Table A-8a. Overview: Laws Expressly Granting Minors the Right to Consent Disclosure of Related Information to Parents* Sexually Transmitted Disease and HIV/AIDS** Treatment Given or Needed Alabama 14
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationTHE HIGH PRICE OF MEDICAL RECORD PRIVACY BREACHES
THE HIGH PRICE OF MEDICAL RECORD PRIVACY BREACHES Melissa D. Berry The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position
More informationMEDICAL MALPRACTICE STATE STATUTORY
MEDICAL MALPRACTICE STATE STATUTORY REFERENCE GUIDE 41 MEDICAL MALPRACTICE STATE STATUTORY REFERENCE GUIDE The following references to statutes relevant to medical malpractice cases are intended exclusively
More informationPC Encryption Regulatory Compliance
PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy SOLUTION BRIEF Table of Contents Personal Information at Risk... 1 Legislating the threat Three New Categories of Law...
More informationSTATE MOTORCYCLE LEMON LAW SUMMARIES
STATE MOTORCYCLE LEMON LAW SUMMARIES The Federal Lemon Law covers motorcycles and each state also has its own unique Lemon Law. In the chart below, Covered means whether or not a motorcycle is normally
More informationPrivacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships. Ann Killilea, Andrew C. Liazos, and Amy C.
VOL. 28, NO. 2 SUMMER 2015 BENEFITS LAW JOURNAL Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships Ann Killilea, Andrew C. Liazos, and Amy C. Pimentel Recent cyber-attacks
More information10/29/2012 CONSUMER AFFAIRS AND BUSINESS REGULATION AND DATA SECURITY LAW
International Association of Privacy Professionals Practical Privacy Series New York City MASSACHUSETTS OFFICE OF CONSUMER AFFAIRS AND BUSINESS REGULATION AND DATA SECURITY LAW Barbara Anthony Undersecretary
More informationWe do require the name and mailing address of each person forming the LLC.
Topic: LLC Managers/Members Question by: Jeff Harvey : Idaho Date: March 7, 2012 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado Arizona requires that member-managed LLCs
More informationThis chart accompanies Protection From Creditors for Retirement Plan Assets, in the January 2014 issue of The Tax Adviser.
This chart accompanies Protection From Creditors for Retirement Plan Assets, in the January 2014 issue of The Tax Adviser. State-by-state analysis of IRAs as exempt property State State Statute IRA Alabama
More informationCRS Report for Congress
Order Code RL32928 CRS Report for Congress Received through the CRS Web Breastfeeding and Jury Duty: State Laws, Court Rules, and Related Issues May 17, 2005 Douglas Reid Weimer Legislative Attorney American
More informationQuestion by: Karon Beyer. Date: March 28, 2012. [LLC Question] [2012-03-29]
Topic: LLC Question Question by: Karon Beyer : Florida Date: March 28, 2012 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado Arizona uses "manager" or "member," but not
More informationMODEL REGULATION TO REQUIRE REPORTING OF STATISTICAL DATA BY PROPERTY AND CASUALTY INSURANCE COMPANIES
Model Regulation Service June 2004 MODEL REGULATION TO REQUIRE REPORTING OF STATISTICAL DATA Table of Contents Section 1. Section 2. Section 3. Section 4. Section 5. Section 6. Section 7. Section 8. Section
More informationFRANCHISE SALES COMPLIANCE
FRANCHISE SALES COMPLIANCE FRANCHISE SALES COMPLIANCE Federal Law Presale Disclosures Advance Delivery of Franchise Contracts Financial Performance Representations State Franchise Sales Laws Business Opportunity
More informationMEMORANDUM. Express Consent Requirement for Delivery of Recorded Messages
MEMORANDUM DATE: August 26, 2008 RE: Express Consent Requirement for Delivery of Recorded Messages The following sets forth the individual state and federal requirements regarding express consent for the
More informationState Tax Information
State Tax Information The information contained in this document is not intended or written as specific legal or tax advice and may not be relied on for purposes of avoiding any state tax penalties. Neither
More informationPUBLIC HOUSING AUTHORITY COMPENSATION
PUBLIC HOUSING AUTHORITY COMPENSATION Background After concerns were raised about the level of compensation being paid to some public housing authority (PHA) leaders, in August 2011 HUD reached out to
More informationCurrent State Regulations
Current State Regulations Alabama: Enacted in 1996, the state of Alabama requires all licensed massage therapists to * A minimum of 650 classroom hours at an accredited school approved by the state of
More informationDoes your agency have authority to prevent governing people from opening another business when significant tax debts are owed?
Topic: Question by: : Turn and Burn Entities? Patrick Reed Washington Date: November 1, 2013 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Page 1
More informationPUBLIC INSURANCE ADJUSTER FEE PROVISIONS 50 STATE SURVEY AS OF 6/29/07. LIKELY YES [Cal. Ins. Code 15027]
Alabama Alaska Arizona Arkansas California [Cal. Ins. Code 15027] ] Colorado [Cal. Ins. Code 15027] Connecticut Delaware of the actual or final settlement of a loss [Conn. Ins. Code 38a-788-8] 2.5% of
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationState Attorneys General Investigations Experience
State Attorneys General Investigations Experience Individual & Multistate Investigation Experience Multistate Investigation Experience Note: Click state name for experience information troutmansanders.com
More informationACE American Insurance Company
Named Applicant: Date: ACE American Insurance Company ACE Advantage ACE American Insurance Company National Association of REALTORS Professional Liability Name of insurance company to which Application
More informationTable A-7. State Medical Record Laws: Minimum Medical Record Retention Periods for Records Held by Medical Doctors and Hospitals*
Summary of statutory or regulatory provision by entity. Alabama As long as may be necessary to treat the patient and for medical legal purposes. Ala. Admin. Code r. 545-X-4-.08 (2007). (1) 5 years. Ala.
More information9-Jul-08 State Responses to Housing Crisis: Legislative Solutions
9-Jul-08 State Responses to Housing Crisis: Legislative Solutions Arkansas 4/16/03 7/15/03 HB 2598 California 7/8/08 7/8/08 SB 1137 10/5/07 10/5/07 SB 223 10/5/07 SB 385 Enacts Arkansas Home Loan Protection
More informationCOLLISION DAMAGE WAIVER MODEL ACT. This chapter shall be known and may be cited as the Collision Damage Waiver Model Act.
Model Regulation Service April 1996 COLLISION DAMAGE WAIVER MODEL ACT Table of Contents Section 1. Section 2. Section 3. Section 4. Section 5. Section 6. Section 7. Section 1. Title of Chapter Scope Purpose
More informationLow-Profit Limited Liability Company (L3C) Date: July 29, 2013. [Low-Profit Limited Liability Company (L3C)] [July 29, 2013]
Topic: Question by: : Low-Profit Limited Liability Company (L3C) Kevin Rayburn, Esq., MBA Tennessee Date: July 29, 2013 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado
More informationBUSINESS DEVELOPMENT OUTCOMES
BUSINESS DEVELOPMENT OUTCOMES Small Business Ownership Description Total number of employer firms and self-employment in the state per 100 people in the labor force, 2003. Explanation Business ownership
More informationSECTION 109 HOST STATE LOAN-TO-DEPOSIT RATIOS. The Board of Governors of the Federal Reserve System (Board), the Federal Deposit
SECTION 109 HOST STATE LOAN-TO-DEPOSIT RATIOS The Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency
More informationTable of Mortgage Broker (and Originator) Bond Laws by State Current as of July 1, 2010
Alabama Ala. Code 5-25-5 Bond only required where licensee does not submit evidence of net worth. Loan originators may be covered by Alaska 25,000 Alaska Stat. 06.60.045 Arizona $10,000-$15,000 Ariz. Rev.
More informationAppendix A: Electronic Authentication Summary
Survey of State Electronic & Digital Signature Legislative Initiatives Appendix A: Electronic Authentication Summary State Initiative Status Type 1 Description Use 2 Class 3 Effects 4 Liability 5 Authority
More informationSECTION 109 HOST STATE LOAN-TO-DEPOSIT RATIOS. or branches outside of its home state primarily for the purpose of deposit production.
SECTION 109 HOST STATE LOAN-TO-DEPOSIT RATIOS The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (the agencies)
More informationResearch Concepts Survey: IT Departments and Data Breach Prevention. Revealing current attitudes, data protection strategies and their effectiveness
1 Research Concepts Survey: IT Departments and Data Breach Prevention Revealing current attitudes, data protection strategies and their effectiveness >>> A new survey of 185 IT professionals indicates
More informationState FCRA Rulings. Abide by the Federal Trade Commission s Fair Credit Reporting Act (FCRA), 15 U. S. C. 1661 et seq. and the following state ruling:
State FCRA Rulings Alabama Alaska and the following state ruling: AS 12.62.160 (b) (8)Release and Use of Criminal Justice Information Subject to the requirements of this section, and except as otherwise
More informationHEALTH CARE INTERPRETERS: ARE THEY MANDATORY REPORTERS OF CHILD ABUSE? 1
1444 I St NW, Suite 1105 Washington, DC 20005 (202) 289-7661 Fax (202) 289-7724 I. Introduction HEALTH CARE INTERPRETERS: ARE THEY MANDATORY REPORTERS OF CHILD ABUSE? 1 As the nation continues to diversify
More informationState by State Summary of Nurses Allowed to Perform Conservative Sharp Debridement
State by State Summary of Nurses Allowed to Perform Conservative Sharp Debridement THE FOLLOWING ARE ONLY GENERAL SUMMARIES OF THE PRACTICE ACTS EACH STATE HAS REGARDING CONSERVATIVE SHARP DEBRIDEMENT
More informationNon-Profit Entity Conversion. Question by: Julia Dale. Date: February 6, 2012. [Non-Profit Entity Conversion] [2012 February 07]
Topic: n-profit Entity Conversion Question by: Julia Dale : Michigan Date: February 6, 2012 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California See below under additional comments Colorado
More informationREAL ESTATE RELATED ERRORS & OMISSIONS APPLICATION
Kinsale Insurance Company P. O. Box 17008 Richmond, VA 23226 (804) 289-1300 www.kinsaleins.com REAL ESTATE RELATED ERRORS & OMISSIONS APPLICATION APPLICANT S INFORMATION 1. Legal name of the business who
More information2014 INCOME EARNED BY STATE INFORMATION
BY STATE INFORMATION This information is being provided to assist in your 2014 tax preparations. The information is also mailed to applicable Columbia fund non-corporate shareholders with their year-end
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationSTATE BY STATE ANTI-INDEMNITY STATUTES. Sole or Partial Negligence. Alaska X Alaska Stat. 45.45.900. Except for hazardous substances.
State STATE BY STATE ANTI-INDEMNITY STATUTES Sole Negligence Sole or Partial Negligence Closes A.I. Loophole Comments Alabama Alaska Alaska Stat. 45.45.900. Except for hazardous substances. Arizona (Private
More informationLABORATORY CORPORATION OF AMERICA HOLDINGS BUSINESS PRACTICES MANUAL
LABORATORY CORPORATION OF AMERICA HOLDINGS BUSINESS PRACTICES MANUAL Subject: Compliance With False Claims Acts Section: 27.0 Under Federal and State Laws Update: January 2015 Replaces: January 2013 Initiated
More informationMASS MARKETING OF PROPERTY AND LIABILITY INSURANCE MODEL REGULATION
Table of Contents Model Regulation Service January 1996 MASS MARKETING OF PROPERTY AND LIABILITY INSURANCE MODEL REGULATION Section 1. Section 2. Section 3. Section 4. Section 5. Section 6. Section 7.
More informationBEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION
BEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION NOTICE: INSURING AGREEMENTS I.A., I.C., I.D. AND I.F. OF THIS POLICY PROVIDE COVERAGE
More informationUse of "Mail Box" service. Date: April 6, 2015. [Use of Mail Box Service] [April 6, 2015]
Topic: Question by: : Use of "Mail Box" service Kathy M. Sachs Kansas Date: April 6, 2015 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware District
More information