If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example, California, North Carolina, Indiana, and New York), the Attorney General’s office has established an online portal that… Continue Reading
As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers. The FCC has now released that proposal with comments and reply comments due May 27th and June 27th respectively. The brief background to this proposal is that in… Continue Reading
In 2004, Mintz Levin created a compendium of state data breach notification laws and has been updating it on a regular basis ever since. Our latest update is available here, and it should be part of your incident response “toolbox” and part of your planning. Some changes of note Tennessee is our most recent state to amend its… Continue Reading
21st Century Oncology Holdings, a company that operates a chain of 181 cancer treatment centers in the US and Latin America, announced on Friday March 4 that it was latest victim of a cyber-attack affecting 2.2 million individuals. When did the attack occur? Months ago. Read on for the gory details…..
Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides what is an answer to the vexing question of what her office considers to be “reasonable security.”
Look for Part 2 tomorrow: Recommendations on how to stay out of future reports California Attorney General Kamala Harris has released a report of the data breaches that have been reported to her office from 2012 until 2015. Although the California data breach notification law took effect in 2003, beginning in 2012, businesses and government… Continue Reading
There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. But if it doesn’t happen, the US is actually not any worse… Continue Reading
The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch). The Commission claims that the Regulation is good for individuals and good for business. We’ll leave that to readers . . . and history . . . .to decide. As regulations go, the… Continue Reading
As expected, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation (see the summary we provided yesterday here). A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.” The vote was… Continue Reading
Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading
As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves. That very same day saw… Continue Reading
Originally posted in Mintz Levin’s Health Law & Policy Matters Blog Written by Jordan Cohen In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on Friday – July 17, 2015 – that hackers had accessed portions of its health network that contained personal information, including names, addresses, dates of birth, social security numbers, medical record… Continue Reading
It’s Monday! Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week. 1. The Site that Promises “Discreet Encounters” Hacked — Karma? If you have not heard the provocative ad campaign launched by a site called AshleyMadison, it may surprise… Continue Reading
In the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states.
It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers: It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading
On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over. Happy spring! In case you missed it, last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we… Continue Reading
On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement. The proposed settlement agreement creates a $10 million cash fund to be paid out to class members claiming actual damages arising from… Continue Reading
State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office. H.B. 74, signed into law by Governor Bullock,… Continue Reading
Originally posted to Mintz Levin’s Employment Matters Blog These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But, what obligations do employers have to unionized employees with respect to managing that information and bargaining with them in the event of a breach of their private… Continue Reading
In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million. Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results. The expenses incurred… Continue Reading
By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc. Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.
As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015. After stating that: “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”… Continue Reading
Written by Cynthia Larose, CIPP and Ari Moskowitz, CIPP This has been a big week for cybersecurity announcements from Washington. In what the White House has called a series of “SOTU Spoilers,” President Obama announced his intention to follow through on some of the recommendations in his administration’s Big Data report — the culmination of… Continue Reading
Three privacy/security stories that you should know as you start your week: President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address. A White House official said… Continue Reading