Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: breach

Posted in Health Privacy/HIPAA

California Adds Affirmative Defense to Medical Privacy Law

A new law that amends the California Confidentiality of Medical Information Act (CMIA) may provide some relief to HIPAA covered entities and business associates, some of whom have faced class action lawsuits seeking millions in statutory damages under the CMIA for large-scale data breaches. The changes to the CMIA are summarized in this entry.

Posted in Cybersecurity & Data Breaches

New Safeguarding Requirements for Government Contractor Information Systems

Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. The proposal would add a new FAR subpart and contract clause requiring small and large contractors, including commercial items contractors, to employ basic security measures to protect information from unauthorized disclosure, loss, or compromise.

Posted in Cybersecurity & Data Breaches

FTC Reaches Settlements Over P2P Data Breaches

The Federal Trade Commission yesterday announced settlements with two companies over security breaches caused by peer-to-peer (P2P) file sharing software. The settlements require the companies to establish and maintain comprehensive information security programs and to undergo data security audits by independent auditors every other year for 20 years.

Posted in International/EU Privacy

Announcement from European Commission on Comprehensive Data Protection Reform Coming Wednesday

Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.

Posted in Cybersecurity & Data Breaches

District Court Dismisses Most Claims Related to Heartland Data Breach

A federal judge dismissed all but one of the claims financial institutions brought against Heartland Payment Systems for the breach of Heartland’s computer systems that affected approximately 130 million consumers, demonstrating that it may be difficult to hold companies legally responsible for breaches of their data. The financial institution plaintiffs balked at Heartland’s settlement offers and instead sought relief from the court, but only the alleged violation of Florida’s consumer-protection statute survived Heartland’s motion to dismiss, an outcome which may deter future plaintiffs affected by data breaches from rejecting settlement offers to litigate their claims.

Posted in Cybersecurity & Data Breaches

House Subcommittee Holds Hearing on Breach Notification Proposal

A House subcommittee held a hearing yesterday on the SAFE Data Act, a draft data security and breach notification bill that, among other things, would require businesses to minimize the amount of personal information they maintain about consumers and notify law enforcement within a very short period of time — within 48 hours of discovering a breach.

Posted in Cybersecurity & Data Breaches

Short Guide to Responding to Data Security Breaches

The recent effective data for enforcement of the new HIPAA/HITECH data-security breach notification law, and continued passage of and amendments to state notification laws, make compliance with data-security breach notification requirements more challenging than ever.
The H&H Chronicle of Data Protection thought it would be useful to provide this Short Guide to Responding to Data Security Breaches as a refresher for some and as a wake-up call for others.

Posted in Cybersecurity & Data Breaches

North Carolina and Montana Data Breach Statutes Amendments Now in Effect

Recently-enacted amendments to the Montana and North Carolina data breach notifications go into effect today, October 1, 2009. North Carolina. The amendment to North Carolina’s statute increases the state’s notification requirements for smaller breaches. Under the amended law, businesses and public agencies are required to notify the state attorney general every time a resident is notified. Prior to […]

Posted in Cybersecurity & Data Breaches

Draft Federal Legislation May Bring Changes to Data Breach Practices

 On July 22, 2009, Sen. Patrick Leahy (D-VT) reintroduced S. 1490, the Personal Data Privacy and Security Act (“PDPSA”), which has been referred to the Senate Judiciary Committee.   The reintroduced PDPSA is substantially similar to the prior version reported out by the Judiciary Committee in 2007, which was co-sponsored by then-Sen. Barack Obama.  Among the […]

Posted in Cybersecurity & Data Breaches

Tips on Dealing with the Aftermath of a Data Breach

Data security breaches remain a major risk for any company or entity that handles personal information.  The costs of a breach and harm to reputation can be significant. At the IAPP Privacy Academy in Boston on September 18, I moderated a session on dealing with the aftermath of a data breach.  I was fortunate to have an expert […]

Posted in International/EU Privacy

Germany Introduces Data Breach Notification Rules

On July 10, 2009, the Federal Council (Bundesrat) finally passed an important amendment to the Federal Data Protection Act (FDPA), which imposes comprehensive obligations on data controllers in case of a loss or unlawful transmission of personal data to third parties (data breach). The new rules apply as of September 1, 2009.  The legal obligation […]