IDEAS home Printed from https://ideas.repec.org/a/aza/csj000/y2021v4i4p368-379.html
   My bibliography  Save this article

The laws governing data breaches: An update

Author

Listed:
  • Dayanim, Behnam

    (Paul Hastings LLP, USA)

  • Butler, Roya

    (Paul Hastings LLP, USA)

Abstract

Working remotely has compounded vulnerabilities; cybercriminals have exploited the pandemic as an opportunity to target companies. Even before the pandemic, data breaches were increasing in both breadth and scope. According to data from Norton,1 the first half of 2019 saw 3,800 publicly disclosed breaches, exposing 4.1bn records.2 That reflected a rise of 54 per cent, compared with the same time period in 2018.3 States across the country have started to react, enacting privacy, data security, cyber security and data breach notification laws, and courts have continued — slowly and inconsistently — to embrace broader theories of potential recovery by victims of those breaches. The past two years have seen several noteworthy developments in the courts and in the legislatures. This paper examines those judicial developments, as well as state statutes and regulations such as the California Consumer Privacy Act of 2018 (CCPA), the 2019 amendment to the Massachusetts Data Breach Notification Act (MA-DBNA) and the New York Stop Hacks and Improve Electronic Data Security Act of 2020 (SHIELD Act). After examining those developments, this paper concludes with insights into best practices in light of the ever-shifting judicial, legislative and regulatory climate surrounding data breaches.

Suggested Citation

  • Dayanim, Behnam & Butler, Roya, 2021. "The laws governing data breaches: An update," Cyber Security: A Peer-Reviewed Journal, Henry Stewart Publications, vol. 4(4), pages 368-379, June.
  • Handle: RePEc:aza:csj000:y:2021:v:4:i:4:p:368-379
    as

    Download full text from publisher

    File URL: https://hstalks.com/article/6346/download/
    Download Restriction: Requires a paid subscription for full access.

    File URL: https://hstalks.com/article/6346/
    Download Restriction: Requires a paid subscription for full access.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    More about this item

    Keywords

    cyber security; information security; ransomware; data breach; standing; class action;
    All these keywords.

    JEL classification:

    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:aza:csj000:y:2021:v:4:i:4:p:368-379. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Henry Stewart Talks (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.