Effective September 30, 2014, New Hampshire joins sixteen other states (Arkansas, California, Colorado, Illinois, Louisiana, Maryland, Michigan, New Jersey, New Mexico, Nevada, Oklahoma, Oregon, Tennessee, Utah, Washington, and Wisconsin) in prohibiting employers from requiring employees or job applicants to disclose their login information for accessing any “personal account” or service through an electronic communication device. Similar… Continue Reading
In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm, Hold Security, learned of the breach, but has yet to provide details about the series of website hackings believed to have affected… Continue Reading
As we reported earlier, Florida lawmakers passed extensive revisions to its existing data breach notification law, SB 1524. On June 20, 2014, Florida’s Governor Rick Scott signed the bill into law, which becomes effective on July 1, 2014. Our earlier post provides more of a discussion about key provisions of the law. But here are a… Continue Reading
On the heels of recent nationwide data breaches of consumer personal information, the Florida State Senate has proposed SB 1524, which if adopted will become effective on July 1, 2014, to revamp and replace existing state data security law and, in particular, impose a statutory requirement to safeguard personal information, reporting a breach to the… Continue Reading
Iowa made changes to its breach notification law (Iowa Code § 715C.1 et seq.) when the state’s Governor, Terry Branstad, signed S.F. 2259 into law. The amendment makes the following key changes which become effective July 1, 2014: The existing law applies to “computerized” personal information. The amendment clarifies that this includes personal information maintained in any medium,… Continue Reading
Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly. Data Breach Notification Mandate The Kentucky law follows the same general structure of… Continue Reading
Many organizations believe they have taken all steps necessary to eliminate the risk of a data breach. They often point to the organization’s deft IT team and tout the installation of some of the latest software solutions to protect sensitive data. However, some of these same organizations often fail to take some very basic steps… Continue Reading
According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down: Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed from identity theft. Thirty… Continue Reading
A significant percentage of “recycled” computers were found to still contain personal information, according to a study conducted by the National Association for Information Destruction (NAID). As reported in e-Place Solutions, the NAID-ANZ Secondhand Hard Drive Study, found that “15 of 52 hard drives randomly purchased contained highly confidential personal information.” What kind information: “spreadsheets… Continue Reading
Smartphone privacy and security concerns continue to weigh on businesses, particularly for companies in certain industries such as healthcare, and for those that have or are thinking of moving to a “bring your own device” (BYOD) model. Promoters of the “Blackphone,” according to a Reuters report, hope that their version of Google’s Android software will enable… Continue Reading
After years of identity theft holding the top spot for crimes reported to the Federal Trade Commission, and following recent reports of massive data breaches, U.S. Attorney General Eric Holder urged Congress today to enact a national law setting a uniform standard for notifying individuals regarding breaches involving their personal information, according to a report by… Continue Reading
WSJ reported on November 22, 2013, Google’s push to move Google Glass, a computerized device with an “optical head-mounted display,” into the mainstream by tapping the prescription eyewear market through VSP Global—a nationwide vision benefits provider and maker of frames and lenses. If the speed and immersion of technology over the past few years had… Continue Reading
Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach." We reported on the proposed… Continue Reading
Click on the link in this post for high-level compliance roadmap concerning the Omnibus Privacy Rule under HIPAA and HITECH for covered plans, providers and business associates.
It seems more companies are considering whether to purchase or enhance their cyber or data breach insurance coverage. In recent years, these offerings have expanded giving businesses more choice, and perhaps so has the need for such coverage given the explosion of access to and transmission of confidential data. What is interesting about this development is the different… Continue Reading
Breach involving software upgrade to online application system leads to allegations of HIPAA privacy and security failures, and a $1.7 million settlement payment to HHS.
Texas amends its data breach notification statute and the law’s effects on persons out of state.
Are you a “non-Exchange entity” with respect to the healthcare exchanges coming later this year? If so you may become subject to a one-hour breach notification mandate.
Colorado joins eight other states in restricting employers’ use of credit information in making employment decisions
By: Lillian Chaves Moon In the face of increasing incidences of and rising public concern regarding identity theft, the California Legislature is considering a bill with new personal information data disclosure requirements for California businesses and a broad definition of what constitutes personal information. California Assembly Bill 1291, would require businesses who have customer personal… Continue Reading
Add New Mexico to the list of states with social medica privacy laws
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the… Continue Reading
The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk assessment…. Continue Reading
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.