Header graphic for print
Workplace Privacy, Data Management & Security Report

Category Archives: Information Management

Subscribe to Information Management RSS Feed

Data Breach Notification Deadline Extended 10 Days for Certain Healthcare Providers in California

While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by… Continue Reading

Enterovirus D-68 and Ebola Cases Raise Privacy Concerns for Healthcare Providers and their Workers

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already… Continue Reading

California AB-1710 – Requires Credit Monitoring Information in Data Breach Notice, Including Services Must Last 12 Months and Be Provided at No Cost

California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons… Continue Reading

Computer Previously, But Not Currently, Used In Interstate Commerce Is Not A “Protected Computer” Under The Computer Fraud And Abuse Act

In order to be a “protected computer” within the meaning of the federal Computer Fraud and Abuse Act (the “CFAA”), the computer must be used in interstate commerce at the time of the allegedly unauthorized access of the computer, the U.S. District Court for the District of Massachusetts held.  Pine Env. Servs., LLC v. Charlene… Continue Reading

HIPAA Reminders – Business Associate Agreement Deadline and Continuation of OCR Audits

I recently had the pleasure of speaking to a great group at the Connecticut Assisted Living Association (CALA) about HIPAA and a range of related practical issues. Many covered entities and business associates, particularly those that are small businesses, continue to work on understanding the privacy and security standards, and how to best apply them in their… Continue Reading

Report Says Russian Hackers Stole 1.2 Billion Usernames and Passwords, But Don’t Let “Breach Fatigue” Take Hold

In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm, Hold Security, learned of the breach, but has yet to provide details about the series of website hackings believed to have affected… Continue Reading

Supreme Court Decision in Riley Affects Cellphone Searches in Civil Litigation, Employment Matters

When the United States Supreme Court handed down its decision Riley v. California, a Fourth Amendment criminal case, we suspected it would not be long before the rationale in that case concerning the privacy interests individuals have in cellphones would be more broadly applied. In late June, a federal district court in Connecticut denied a request  by two… Continue Reading

California Healthcare Provider Defeats Data Breach Class Action on Definition of Medical Information

Written by Ann Haley Fromholz In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the… Continue Reading

FTC Objects to Sale of Company Assets Based on Potential Breach of Privacy Policy

Written by Christopher E. Hoyme Recently, the Federal Trade Commission (“FTC”) filed a limited objection in bankruptcy court to the proposed sale of assets of ConnectEdu, Inc. (“ConnectEdu”) on the grounds that the company’s privacy policy protecting customer personal information had potentially not been complied with. Specifically, ConnectEdu, an education technology company that provided interactive… Continue Reading

Volunteer State (Tennessee) Prohibits Employers From Asking Employees, Applicants to Volunteer Access to Social Media, Internet Accounts

Effective January 1, 2015, Tennessee employers, including government entities, will be prohibited from requesting or requiring access to the private social networking or online accounts of employees and job applicants under the Volunteer State’s ”Employee Online Privacy Act of 2014,” signed by Governor Bill Haslam. Our Tennessee colleagues outline the key provisions of the law, including some of… Continue Reading

Employers, the NLRB Wants Some Control Over Your Company Email

You’ve just finished your email, electronic communications, social media and/or BYOD policies for employees assuming, among other things, that you did not have to permit employees to use company-provided communication systems for nonwork-related purposes, such as to fulfill certain union-related purposes or other “protected concerted activities” under for Section 7 of the National Labor Relations… Continue Reading

Kentucky Enacts a Data Breach Notification Law and Protects Student Data in the Cloud

Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly. Data Breach Notification Mandate The Kentucky law follows the same general structure of… Continue Reading

California Attorney General Announces More Active Role in Dealing with Data Breaches, and Helpful Guide for Small Business

On Thursday, California Attorney General Kamala Harris announced heightened enforcement concerning data breaches, reports USAToday. AG Harris’ office also issued a Guide that provides recommendations to California businesses, particularly small businesses, to help them protect against and respond to the increasing threat of malware, data breaches and other cyber risks. The circumstances are certainly threatening for small business. According to… Continue Reading

“Blackphone” to address key smartphone privacy and security concerns?

Smartphone privacy and security concerns continue to weigh on businesses, particularly for companies in certain industries such as healthcare, and for those that have or are thinking of moving to a “bring your own device” (BYOD) model. Promoters of the “Blackphone,” according to a Reuters report, hope that their version of Google’s Android software will enable… Continue Reading

U.S. Attorney General Eric Holder Urges the Passage of a National Data Breach Notification Law

After years of identity theft holding the top spot for crimes reported to the Federal Trade Commission, and following recent reports of massive data breaches, U.S. Attorney General Eric Holder urged Congress today to enact a national law setting a uniform standard for notifying individuals regarding breaches involving their personal information, according to a report by… Continue Reading

What Employers Need to Know About Bitcoin

Written by B. Tyler Philippi Ask the average person what they know about Bitcoin and they might be able to tell you that it is a digital currency. Most have probably heard the name mentioned in articles about its giant fluctuations in value or in connection with black market internet transactions. Beyond that, how Bitcoin… Continue Reading