Haynes and Boone's Newsroom

Update On Mandating Data Security
09/21/2009
Andrew S. Ehmke, Gavin D. George

Many states have enacted statutes imposing general obligations on companies to maintain “reasonable” security procedures and practices to protect the personal information of state residents from unauthorized access or use.3 A few states, however, are taking data security statutes a step further by mandating that companies take specific actions to prevent a security breach. Nevada and Connecticut have imposed, and Massachusetts is about to impose, obligations on companies to comply with certain security measures when storing, transmitting and disposing of personal information. Companies with nationwide clientele, or employees located throughout the country, should be aware of the growing and varying data security requirements and should review their data protection programs to ensure that they are in compliance with developing requirements. This article explores a few specific developments in state law.

To read the full article, click on the PDF below.