Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: breach notification

Posted in Health Privacy/HIPAA

HHS Reaches First Settlement with Local Government Over HIPAA Violations

The U.S. Department of Health and Human Services sent a strong message to local governments last week when it reached a settlement with Skagit County, Washington over alleged violations of the Health Insurance Portability and Accountability Act. This is the first time that HHS has settled charges against a local—and not state level—government entity for HIPAA violations.

Posted in Health Privacy/HIPAA

California AG Files Suit Alleging Untimely Breach Response

Last week, California Attorney General Kamala Harris filed suit against Kaiser Foundation Health Plan, Inc. (“Kaiser”) in relation to a 2011 data security breach. The AG’s complaint alleges that even though Kaiser provided notice of the breach to affected individuals, it took too long to issue the required notifications.

Posted in Cybersecurity & Data Breaches

California Expands Breach Notification Law to Cover Online Accounts

California recently passed a law updating its breach notification requirements and making it the first state to expand the definition of personal information to expressly include login credentials for online accounts. Under the new law, companies would be required to notify individuals if and when their passwords, usernames, or security question and answers are compromised or stolen. The latest amendments become effective as of January 1, 2014.

Posted in Consumer Privacy

Hogan Lovells Contributes Focus on Privacy and Trade to Global Privacy Meeting

At the 35th annual Conference of Data Protection Authorities and Privacy Commissioners in Warsaw, Poland today, Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and trade in light of the ongoing Transatlantic Trade and Investment Partnership negotiations between the EU and the U.S. This post contains prepared remarks to the commissioner’s on the need for interoperable cross-border privacy standards and the merits of the U.S. privacy regime.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Settlement for Failure to Scrub Data from Photocopier: A $1.2 Million Lesson Learned

In a recently-announced settlement between the Department of Health and Human Services Office for Civil Rights and a New York health plan, the health plan agreed to pay $1.2 million for the breach of electronic patient records stored in the internal memory of digital photocopiers leased and improperly disposed by the plan.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Financial Privacy, International/EU Privacy

EU Commission: Data Breach Notification for Telecoms Providers and ISPs within 24 Hours

Under a new regulation on the notification of personal data breaches, providers of publicly available electronic communication services must provide notices to authorities of breaches within 24 hours. If the provider lacks full information about the data breach, a preliminary notice is required, with a subsequent notification within 3 days after the initial notification. The subscribers [...]

Posted in International/EU Privacy

European Parliament Committee Releases Proposed Amendments to Data Protection Regulation

Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, released a draft report last month with key proposals to amend the European Commission’s proposed Regulation on data protection. The report includes a total of 350 amendments to the original proposal.  Highlights of the 215-page report include the following:

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Philippine Data Privacy Law is Signed into Law

Philippine President Benigno Aquino III signed into law the Data Privacy Act of 2012, which is modeled after the EU Data Protection Directive and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework. The Act contains provisions that govern the processing of personal information, the rights of data subjects (e.g., notice, access, and data portability), and the security of personal information (which includes a breach notification requirement).

Posted in News & Events

Thoughts on Privacy and Data Security from the May 11 PLI Cloud Computing Seminar

Privacy and data security were at the forefront of the May 11 PLI seminar program entitled “Cloud Computing 2012: Cut Through the Fluff and Tackle the Critical Stuff,” with presenters including Hogan Lovells partners Chris Wolf and Philip Porter. This blog post contains summarizes the panel discussions, with topics ranging from breach preparation to cloud contracting.

Posted in International/EU Privacy

London Privacy Workshop Seeks Input for UK Consultation

Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.

Posted in Consumer Privacy

White House Announces New Privacy Framework Including Consumer Privacy Bill of Rights

The White House released its long-awaited Privacy “White Paper” that outlines the Obama Administration’s proposal for a new American privacy framework, which consists of four key elements: (1) a Consumer Privacy Bill of Rights; (2) a multi-stakeholder process to determine how these rights will apply in specific business contexts; (3) an effective enforcement model; and (4) greater interoperability between the privacy frameworks of the United States and its international partners.

Posted in International/EU Privacy

European Commission Releases Official Draft of Groundbreaking Data Protection Regulation

The European Commission today published its proposal for a new Data Protection Regulation. The Regulation, which is not likely to come into force before 2014, is intended to harmonise data protection law in all 27 EU Member States and thus remove current differences which have proved problematic for business and individuals.

Posted in International/EU Privacy

Details of EU Data Protection Reform Reveal Dramatic Proposed Changes

Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.

Posted in Cybersecurity & Data Breaches

House Subcommittee Holds Hearing on Breach Notification Proposal

A House subcommittee held a hearing yesterday on the SAFE Data Act, a draft data security and breach notification bill that, among other things, would require businesses to minimize the amount of personal information they maintain about consumers and notify law enforcement within a very short period of time — within 48 hours of discovering a breach.