Tag Archives: breach notification

FCC Data Security Enforcement Continues

Demonstrating its continued commitment to data security enforcement, the Federal Communications Commission (FCC) recently announced Cox Communications Inc., the nation’s third largest cable operator, agreed to pay $595,000 to resolve an investigation into whether the company failed to properly protect its customers’ personal information.  The agreement ends the first data security enforcement action brought by the FCC against … Continue Reading

State Attorneys General Tell Congress – Don’t Preempt Our Breach Notification Laws!

In the wake of recent, large-scale data breaches, one being the breach at the Office of Personnel Management (OPM) affecting millions of federal employees, a number of bills have been battling their way through Congress to address breach notification and data security requirements at the federal level. There has been an ongoing pattern for years … Continue Reading

Alabama Seeks To Become 48th State To Enact Breach Legislation

Alabama recently introduced a bill (S.B. 106) which would require notification in the event of a breach affecting the personal information of an Alabama resident.  While 47 states currently have laws requiring breach notification — most recently joined by Kentucky — New Mexico, South Dakota, and Alabama are the only states that do not. Notably, the proposed … Continue Reading

The Data Security and Breach Notification Act of 2015

On March 25, 2015, the United States House of Representative, Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade approved draft legislation which would replace state data breach notification laws with a national standard.  This draft legislation comes on the heels of the President’s call for a national data breach notification law.  The proposed legislation is … Continue Reading

Indiana Measure to Amend Breach Notification Law Passes Senate

Late last year we reported Indiana Attorney General Greg Zoeller was seeking legislation which would better protect the online personal and financial information of Indiana residents. That legislation, S.B. 413, was unanimously passed by the Indiana Senate on February 24, 2015.  Indiana’s bill follows similar efforts in New Jersey, New York and Oregon. As previously mentioned, the Indiana … Continue Reading

New York Attorney General Seeks Stonger Data Breach Notification Law and Data Security Safeguards

Earlier this month, the New York Attorney General Eric T. Schneiderman announced a legislative proposal that would strengthen protections for private information by expanding the state’s breach notification law to cover e-mails, passwords and health data, require companies to implement data security measures, and notify consumers and employees in the event of a breach. If … Continue Reading

NJ & NY Propose Amendments To Data Breach Laws

The New Jersey Assembly on December 15 unanimously approved, by a vote of 75-0, a bill designed to better protect consumers from identify theft.  Bill A3146, if approved by the Senate, would expand the state’s law to include disclosure of a breach of security of online accounts. Per the Identity Theft Resource Center, between 2005 … Continue Reading

FCC Seeks Comment on Exemption Petition Re: Breach Notification

Many of us have likely received a notification from our bank or credit card company concerning suspected fraud or improper charges.  However, the legality of those messages is not always clear.  To this end, on October 14, 2014, the American Bankers Association (Association) filed a petition for exemption requesting that the Federal Communications Commission (FCC) exempt … Continue Reading

California District Court – “Under TCPA Autodialer Must Generate Numbers”

One of the most complex issues under the Telephone Consumer Protection Act (TCPA) is determining whether the technology utilized qualifies as an “automatic telephone dialing system” (ATDS) or “autodialer.”  The TCPA prohibits using an ATDS to make calls to cell phone numbers, absent prior consent of the called party.  An ATDS  is generally define as … Continue Reading

Video Interview: Discussing the FCC’s Recent Data Security Action with LXBN TV

Following up on our recent post on the subject, I had the opportunity to speak with Colin O’Keefe, Editorial Manager-LexBlog, on the FCC’s first foray into policing a cybersecurity incident. In the brief video interview, I explain what happened and what it could mean going forward.  Special thanks to Colin, and LXBN TV, for the … Continue Reading

FCC Issues First Data Security Fine

On October 24, 2014, the Federal Communications Commission (FCC) announced its intention to fine two telecom companies $10 million for several violations of laws protecting the privacy of phone customers’ personal information.  This marks the FCC’s first data security case and the largest privacy action in the FCC’s history. According to the FCC, TerraCom, Inc. … Continue Reading

Data Breach Notification Deadline Extended 10 Days for Certain Healthcare Providers in California

While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by … Continue Reading

Prepare For Increased HIPAA Fines

Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”).  However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and Human Services (“HHS”) … Continue Reading

Florida Legislature Seeks to Overhaul Existing Data Security Law

On the heels of recent nationwide data breaches of consumer personal information, the Florida State Senate has proposed SB 1524, which if adopted will become effective on July 1, 2014, to revamp and replace existing state data security law and, in particular, impose a statutory requirement to safeguard personal information, reporting a breach to the … Continue Reading

Best Practices For Gramm-Leach-Bliley Compliance

The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy. GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information.  Specifically, … Continue Reading

Top 14 for 2014

In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.”  While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014. Location Based Tracking.  As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced with … Continue Reading

OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program

As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act.  To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website.  The HITECH Act requires HHS to provide for periodic audits to ensure covered … Continue Reading

Don’t Mess With Texas–Amended Law Imposes Breach Notification Obligations In All 50 States

In a novel approach to data breach notification requirements, Texas has amended its breach notification law (Business & Commerce Code, Section 521.053) to require notification to residents of not only Texas, but to residents of each of the 50 states.  The amendment becomes effective September 1, 2012, and applies to “all persons who conduct business … Continue Reading

The White House’s Cybersecuirty Legislative Proposal

Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks.  While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously failed.  … Continue Reading

California and Massachusetts Legislatures Push Data Breach and Security Bills

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.   On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified … Continue Reading

HHS Settlement Follows Enforcement Fine

In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data.  This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine.  The Massachusetts … Continue Reading