Header graphic for print
Workplace Privacy, Data Management & Security Report

Tag Archives: breach

FCC Issues First Data Security Fine

On October 24, 2014, the Federal Communications Commission (FCC) announced its intention to fine two telecom companies $10 million for several violations of laws protecting the privacy of phone customers’ personal information.  This marks the FCC’s first data security case and the largest privacy action in the FCC’s history. According to the FCC, TerraCom, Inc…. Continue Reading

Delaware Joins List of States Regulating Data Disposal

On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information.  The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. The new law defines personal identifying information as an employee’s first name or first initial… Continue Reading

Report Says Russian Hackers Stole 1.2 Billion Usernames and Passwords, But Don’t Let “Breach Fatigue” Take Hold

In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm, Hold Security, learned of the breach, but has yet to provide details about the series of website hackings believed to have affected… Continue Reading

NY Department of Financial Services Proposes Virtual Currency Rule

The New York Department of Financial Services recently published proposed regulations which would require virtual currency businesses operating in New York State to safeguard data and protect customer privacy. Notably, the proposed regulations include requirements for virtual currency business to maintain cyber security programs and business continuity and disaster recovery plans. Virtual currencies under the regulations… Continue Reading

Prepare For Increased HIPAA Fines

Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”).  However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and Human Services (“HHS”)… Continue Reading

Cities And Counties Are Not Immune From HIPAA Enforcement, Skagit County, WA Pays $215,000

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday.  OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary settlement and to comply… Continue Reading

Best Practices For Gramm-Leach-Bliley Compliance

The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy. GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information.  Specifically,… Continue Reading

FTC Announces Identity Theft Was Top Consumer Complaint During 2013, 14 Years Running

According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down: Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed from identity theft. Thirty… Continue Reading

Employee Criminally Prosecuted For Taking Employer’s Documents

A New Jersey Appellate Court recently ruled that an employee who removes or copies her employer’s documents for use in her whistleblower or discrimination case may be prosecuted criminally for stealing.  In State v. Saavedra, the employee had taken highly confidential original documents owned by her employer, contending that she did so to support her employment… Continue Reading

Top 14 for 2014

In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.”  While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014. Location Based Tracking.  As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced with… Continue Reading

Don’t Mess With Texas–Amended Law Imposes Breach Notification Obligations In All 50 States

In a novel approach to data breach notification requirements, Texas has amended its breach notification law (Business & Commerce Code, Section 521.053) to require notification to residents of not only Texas, but to residents of each of the 50 states.  The amendment becomes effective September 1, 2012, and applies to “all persons who conduct business… Continue Reading

The White House’s Cybersecuirty Legislative Proposal

Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks.  While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously failed. … Continue Reading

California and Massachusetts Legislatures Push Data Breach and Security Bills

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.   On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified… Continue Reading

HHS Settlement Follows Enforcement Fine

In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data.  This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine.  The Massachusetts… Continue Reading

U.S. Bank Hit with Class Action Suit Alleging Data Breach Cover-Up

Paintball Punks filed a class action suit against U.S. Bank  in Hennepin County, Minnesota. The case was subsequently removed on December 6, 2010, to the Minneapolis District Court. In the complaint, Paintball Punks alleges that between August and December 2009 it received 9 orders totaling approximately $11,000, which were fraudulently billed to U.S. Bank-issued cards. The amount was subsequently… Continue Reading

Peer-To-Peer (P2P) File Sharing Data Breaches Lead to FTC Action

Nearly 100 organizations have been notified by the Federal Trade Commission (“FTC”) that personal information, including sensitive employee and customer data, shared from the organizations’ computer networks is available on peer-to-peer (P2P) file-sharing networks. This, the FTC warned, could be used to commit identity theft or fraud. The notices went to both private and public entities, including… Continue Reading

Dealing with Data Breaches: Health Net Suit Highlights Need for Effective Security Incident Procedures and Training

As we have discussed before, data breach notification is one of the most rapidly emerging areas of law. Good security incident procedures as well as effective training can help avoid the risk of data breach. (Sample data breach training).  A case in point: Connecticut’s Attorney General has filed a civil action against Health Net of the Northeast… Continue Reading