Workplace Privacy, Data Management & Security Report

Category Archives: Data Security

Missouri Constitutional Amendment Protects Electronic Privacy

On August 5, 2014, Missouri voters approved Amendment 9 to the Missouri Constitution, making Missouri the first state in the nation to offer explicit constitutional protection to electronic communications and data from unreasonable searches and seizures. The official ballot title asked: “Shall the Missouri Constitution be amended so that the people shall be secure in their… Continue Reading

Report Says Russian Hackers Stole 1.2 Billion Usernames and Passwords, But Don’t Let “Breach Fatigue” Take Hold

In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm Hold Security learned of the breach, but has yet to provide details about the series of website hackings believed to have affected… Continue Reading

NY Department of Financial Services Proposes Virtual Currency Rule

The New York Department of Financial Services recently published proposed regulations which would require virtual currency businesses operating in New York State to safeguard data and protect customer privacy. Notably, the proposed regulations include requirements for virtual currency businesses to maintain cyber security programs and business continuity and disaster recovery plans. Virtual currencies under the regulations… Continue Reading

Yes, a Person Can be Criminally Prosecuted for Violating HIPAA

As reported by HealthcareInfoSecurity.com, a former hospital employee is facing criminal charges brought by federal prosecutors in Texas for alleged violations of the privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA). You may remember that back on June 1, 2005, the Department of Justice issued an opinion supporting the prosecution of individuals… Continue Reading

Supreme Court Decision in Riley Affects Cellphone Searches in Civil Litigation, Employment Matters

When the United States Supreme Court handed down its decision in Riley v. California, a Fourth Amendment criminal case, we suspected it would not be long before the rationale in that case concerning the privacy interests individuals have in cellphones would be more broadly applied. In late June, a federal district court in Connecticut denied a request by two… Continue Reading

California Healthcare Provider Defeats Data Breach Class Action on Definition of Medical Information

Written by Ann Haley Fromholz

In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the… Continue Reading

FTC Objects to Sale of Company Assets Based on Potential Breach of Privacy Policy

Written by Christopher E. Hoyme

Recently, the Federal Trade Commission (“FTC”) filed a limited objection in bankruptcy court to the proposed sale of assets of ConnectEdu, Inc. (“ConnectEdu”) on the grounds that the company’s privacy policy protecting customer personal information had potentially not been complied with. Specifically, ConnectEdu, an education technology company that provided interactive… Continue Reading

Volunteer State (Tennessee) Prohibits Employers From Asking Employees, Applicants to Volunteer Access to Social Media, Internet Accounts

Effective January 1, 2015, Tennessee employers, including government entities, will be prohibited from requesting or requiring access to the private social networking or online accounts of employees and job applicants under the Volunteer State’s “Employee Online Privacy Act of 2014,” signed by Governor Bill Haslam. Our Tennessee colleagues outline the key provisions of the law, including some of… Continue Reading

Minnesota Mulls Amendments to Data Breach Notification Law

The Minnesota House of Representatives introduced a bill in late February to strengthen Minnesota’s current data breach notification law, Minnesota Statutes Section 325E.61. The bill, House File No. 2253, was authored by Representative Dan Schoen. It would require notification within 48 hours to all individuals whose unencrypted personal information has been breached. The current statute requires notification… Continue Reading

Stolen Laptops = HIPAA Settlements Totaling Nearly Two Million Dollars

Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)… Continue Reading

Iowa Amends Its Breach Notification Law, Attorney General Notification Required For Breaches Affecting More Than 500 Iowans

Iowa made changes to its breach notification law (Iowa Code § 715C.1 et seq.) when the state’s Governor, Terry Branstad, signed S.F. 2259 into law. The amendment makes the following key changes which become effective July 1, 2014: The existing law applies to “computerized” personal information. The amendment clarifies that this includes personal information maintained in any medium,… Continue Reading

Kentucky Enacts a Data Breach Notification Law and Protects Student Data in the Cloud

Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly.

Data Breach Notification Mandate

The Kentucky law follows the same general structure of… Continue Reading

Cities And Counties Are Not Immune From HIPAA Enforcement, Skagit County, WA Pays $215,000

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday. OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary settlement and to comply… Continue Reading

Best Practices For Gramm-Leach-Bliley Compliance

The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy. GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information. Specifically,… Continue Reading

FTC Announces Identity Theft Was Top Consumer Complaint During 2013, 14 Years Running

According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down: Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed from identity theft. Thirty… Continue Reading