While administrative changes within federal agencies have raised uncertainty over enforcement of privacy and security initiatives, many state governments are looking at establishing new rules and laws directed at protecting individual privacy and enhancing online security.

Illinois, for example, is considering a “right to know” act. The proposed law would require owners of web sites or online services that collect personally identifiable information of Illinois residents to notify such residents when certain information is shared with third parties. Covered information would include identity data, financial information, location and even content like text, photos and videos.

In Colorado, new cybersecurity rules are under consideration. The rules would apply to investment advisors and broker-dealers licensed in the state and would require them to establish and maintain written cybersecurity procedures. The procedures would include undergoing an annual cybersecurity risk assessment, securing the email transmission of sensitive client information using encryption and digital signatures and employing specific authentication processes for electronic communications with clients.

The proposed Illinois law is available here. The Colorado rules can be found here. Contact us at Ossian Law regarding any information technology law matter.

© 2017 Ossian Law P.C.