HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data breach

Posted in News & Events

Upcoming Webinar on Cybersecurity & the Internet of Things

“Connected” products—not just traditional IT products—are increasingly subject to cyber attacks globally. The question companies are (and should be) asking is no longer whether there will be an attack involving Internet of Things devices and infrastructure, but when. Join us on May 24 for the third installment of our 2017 IoT webinar series and get practical guidance from our international team of cybersecurity lawyers, who will present key elements of Hogan Lovells’ well-received client workshop on this rapidly evolving topic.

Posted in International/EU Privacy

Australia Introduces Mandatory Data Breach Notification Scheme

On 13 February 2017, the Australian Senate passed into law the Privacy Amendment Bill 2016. This law amends the primary privacy and data protection legislation in Australia, the Privacy Act 1988, to introduce the long-anticipated mandatory data breach notification scheme. Under this scheme, all agencies and businesses that are regulated by the Privacy Act are required to provide notice to the Australian Information Commissioner and affected individuals of certain data breaches that are likely to result in “serious harm.”

Posted in Privacy & Security Litigation

Courts Split on Standing for Consumer Plaintiffs in Data Breach Class Actions

Within the last two weeks, two different federal district courts have issued decisions in high-profile data breach cases that highlight an important issue to watch in 2015: whether consumers whose payment card data was taken have standing to pursue claims against retailers. Northern District of Illinois Judge John Darrah and District of Minnesota Judge Paul Magnuson issued decisions regarding motions to dismiss in consumer class actions against P.F. Chang’s China Bistro Inc. and Target Corp. respectively, with substantially different results. The rulings took different approaches in examining whether the plaintiffs had sufficiently alleged injury, showing continuing uncertainty over what consumers must plead in order to pursue a claim after a data breach.

Posted in Cybersecurity & Data Breaches

Massachusetts Data Breach Settlement Highlights Expectation of Timely Notification

On December 8, Massachusetts Attorney General Martha Coakley announced a settlement with TD Bank, under which TD Bank must pay $625,000 and take several steps to strengthen its data security practices. The settlement agreement stems from a data breach that impacted over 90,000 Massachusetts residents and over 260,000 customers nationwide. The AG’s approach to this case and the resulting settlement underscore the importance of providing prompt notification following a data breach as well as maintaining adequate oversight over the security practices of third-party service providers.

Posted in Health Privacy/HIPAA

California Appeals Court Rules that Mere Possession of Medical Information by Unauthorized Person is Insufficient to Support Breach Claims Under the CMIA

In a ruling that was welcome news to health care providers, insurers, and others that maintain medical information of California residents, the California Court of Appeals recently held that the mere possession of medical information by an unauthorized person, without actual viewing of the information, is not sufficient to establish a breach of confidentiality under the California Confidentiality of Medical Information Act, Cal. Civ. Code §§ 56 et seq.

Posted in Health Privacy/HIPAA

Puerto Rico Hits Insurer with Record $6.8 Million Fine for HIPAA Breach

On February 18, Puerto Rican insurer Triple S Salud revealed that it will face a $6.8 million fine for violating the Health Insurance Portability and Accountability Act. According to an 8-K filing submitted to the Securities and Exchange Commission, the Puerto Rico Health Insurance Administration notified Triple S on February 11, 2014 regarding its plans to sanction the insurer for HIPAA violations resulting from a 2013 breach of protected health information. The Health Insurance Administration also plans to impose administrative sanctions on the insurer, including the suspension of new enrollments into one of its plans and the obligation to notify affected individuals of their right to disenroll.

Posted in Health Privacy/HIPAA

California AG Files Suit Alleging Untimely Breach Response

Last week, California Attorney General Kamala Harris filed suit against Kaiser Foundation Health Plan, Inc. (“Kaiser”) in relation to a 2011 data security breach. The AG’s complaint alleges that even though Kaiser provided notice of the breach to affected individuals, it took too long to issue the required notifications.

Posted in Privacy & Security Litigation

Limiting Litigation Risks from Privacy and Data Security Missteps

In Bloomberg BNA’s Privacy and Security Law Report, Hogan Lovells attorneys Des Hogan, Michelle Kisloff, and Chris Wolf have published an article addressing the increased litigation and regulatory risks that companies must address in the evolving privacy and data security landscape. After summarizing recent developments involving class actions and regulatory activities, the article offers guidance on how companies can reduce their financial and reputational exposure.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA, International/EU Privacy

Journalist Uncovers Data Breaches at French Hospitals

A February 4, 2013 article published by the specialized healthcare news site “Actusoins” revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly-regulated jurisdiction. The journalist was researching another article, and entered the name of a physician into Google. The journalist was astonished to find at […]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

French CNIL Publishes English Language Compliance Guides

France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment”, provides practical guidance on […]

Posted in Cybersecurity & Data Breaches

New Safeguarding Requirements for Government Contractor Information Systems

Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. The proposal would add a new FAR subpart and contract clause requiring small and large contractors, including commercial items contractors, to employ basic security measures to protect information from unauthorized disclosure, loss, or compromise.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Employment Privacy, Health Privacy/HIPAA

What the States Did on Their “Summer Vacation”: Enact New Privacy Laws

This summer, several states have enacted legislation addressing a broad range of privacy issues including data breach notification, health care privacy, employer access to employees’ and applicants’ social networking accounts, the collection of Social Security numbers, and telemarketing. We provide an overview of the recent privacy regulation developments in Vermont, Connecticut, Hawaii, New York, and Illinois.

Posted in Cybersecurity & Data Breaches

FTC Reaches Settlements Over P2P Data Breaches

The Federal Trade Commission yesterday announced settlements with two companies over security breaches caused by peer-to-peer (P2P) file sharing software. The settlements require the companies to establish and maintain comprehensive information security programs and to undergo data security audits by independent auditors every other year for 20 years.

Posted in Cybersecurity & Data Breaches

District Court Dismisses Most Claims Related to Heartland Data Breach

A federal judge dismissed all but one of the claims financial institutions brought against Heartland Payment Systems for the breach of Heartland’s computer systems that affected approximately 130 million consumers, demonstrating that it may be difficult to hold companies legally responsible for breaches of their data. The financial institution plaintiffs balked at Heartland’s settlement offers and instead sought relief from the court, but only the alleged violation of Florida’s consumer-protection statute survived Heartland’s motion to dismiss, an outcome which may deter future plaintiffs affected by data breaches from rejecting settlement offers to litigate their claims.

Posted in International/EU Privacy

France Implements EU Requirements for Data Breach Notification, Audits and Cookies Applicable to Electronic Communications Service Providers

On August 26, 2011 France implemented new EU provisions on data breach notifications for electronic communications providers, as well as new provisions requiring prior consent for cookies. The French measure also gives the government power to order security audits for electronic communications providers.

Posted in Cybersecurity & Data Breaches

House Subcommittee Holds Hearing on Breach Notification Proposal

A House subcommittee held a hearing yesterday on the SAFE Data Act, a draft data security and breach notification bill that, among other things, would require businesses to minimize the amount of personal information they maintain about consumers and notify law enforcement within a very short period of time — within 48 hours of discovering a breach.

Posted in News & Events

Upcoming Webinars on Privacy Developments in Washington and Data Security Breach Notification Laws

Two webinars, one afternoon. On Thursday, February 24, Hogan Lovells Privacy and Information Management Practice Director Chris Wolf will participate in a BNA webinar (along with Senior Governmental Affairs Advisor Nancy Granese of Hogan Lovells and Jules Polonetsky of the Future of Privacy Forum) on privacy developments in Washington, and an Experian webinar on data security breach notification laws (along with Reed Freeman of Morrison & Foerster and Tony Hadley of Experian). Both pay-to-view programs are open for sign-up now.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

UK Takes Step That Likely Will Result in Significantly Increased Penalties for Data Breaches

In a move that likely will result in a significant increase in civil penalties that can be assessed in the UK for data security breaches, this month the UK Ministry of Justice began consultation on the introduction of a maximum civil monetary penalty for serious breaches of the Data Protection Act 1998 (DPA).

Posted in Cybersecurity & Data Breaches

Rocky Mountain Bank Settles Gmail Disclosure Case: Controversial Case Sought to Avoid Breach Notification and Froze User’s Account

It appears that Rocky Mountain Bank v. Google (ND CA), a dispute over the disclosure of a Gmail user’s account, has been settled, according to this newspaper report. When an employee of the bank sent a file containing names, addresses, tax ID numbers and loan information on more than 1,000 customers to a Gmail account by mistake, the […]