Archives: Data Breach Notification

Subscribe to Data Breach Notification RSS Feed

UK and US Issue Joint Cybersecurity Alert Concerning Explosion of COVID-19 Phishing Attacks

In the US, many organizations anxiously awaiting assistance under the CARES Act are becoming the targets of cyberattackers looking to feed off of the massive relief being provided by the US treasury. Yesterday, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre … Continue Reading

Key Components of a COVID-19 Screening Program

Stopping the spread of coronavirus is critical to overcoming the COVID-19 pandemic. As testing is ramping up around the country, some states and localities have imposed health screening requirements in an effort to identify persons at risk of being infected and stopping them from infecting others. Whether mandatory or recommended, screening employees and visitors could … Continue Reading

HIPAA Privacy Rule Waiver, Other Medical Information Questions During the COVID-19 Pandemic

As the coronavirus spreads across the globe and in the United States, providers, businesses, employers, and others are struggling to understand what medical information they can collect and what information they can share. These are difficult questions the answers to which involve considering factors such as long-standing compliance requirements (e.g., HIPAA, ADA, GINA, state law), … Continue Reading

Work-From-Home Checklist During the Coronavirus Pandemic

The debate over working from home continues, reaching a high point in 2013 when Marissa Mayer, then CEO of Yahoo, sought to curb the practice. However, as the Coronavirus continues to spread across the U.S., more companies are instructing their employees to work-from-home as a social distancing technique to help contain the spread and remain … Continue Reading

New York SHIELD Act FAQs

Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for businesses to implement reasonable safeguards to protect personal information. That focus is turning back east as the Stop Hacks and Improve Electronic … Continue Reading

What Does Phishing Have to do with Coronavirus?

As announcements relaying the spread of Coronavirus (COVID-19) continue daily, governmental agencies at all levels are offering information and guidance, and businesses are scrambling to prepare and protect their employees and customers. As part of a larger group in my firm helping to synthesize all this information, there is an aspect of responding to COVID-19 … Continue Reading

CCPA Data Breach Class Action Litigation Begins

As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading

Privacy & Cybersecurity Issues to Watch in 2020

2020 may very well be the most impactful year for data privacy and cybersecurity in the United States. In honor of Data Privacy Day, we discuss some of the reasons why that may be the case. In short, as privacy and cybersecurity risks continue to emerge for organizations large and small, the law is beginning … Continue Reading

Personal Information, Private Information, Personally Identifiable Information…What’s the Difference?

When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable information, protected health information, or individually identifiable health information. They might even speak in acronyms – PI, PII, PHI, NPI, etc. Blurring those distinctions might be OK for … Continue Reading

10 Steps for Tackling Data Privacy and Security Laws in 2020 for In-House Counsel and HR Pros

After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data … Continue Reading

Professional Tax Preparers – You Need A Written Information Security Plan, Says the IRS and FTC

Tax season soon will soon be upon us and many not-so-eager taxpayers will share sensitive personal information about themselves, their dependents, their employees, and others with their trusted professional tax preparers for processing. What many of these preparers might not realize is that federal law and a growing number of state laws obligate them to … Continue Reading

California Updates its Data Breach Notification Law

On February 21, 2019, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) announced Assembly Bill 1130 which intended to strengthen and expand California’s existing data breach notification law. On September 11, 2019, the bill passed both houses of the legislature and was presented to Governor Gavin Newsom. Last Friday, October 11, 2019, … Continue Reading

CCPA Amendments Updated, Finalized, and Moving on to Governor Newsom

The California Consumer Privacy Act is almost here! The groundbreaking law takes effect January 1, 2020. Covered businesses and their service providers have already started preparing, as the CCPA continues to evolve since it was introduced. California’s legislative session ended on September 13th, with some final modifications to bills that would amend certain aspects of … Continue Reading

Illinois Enhances Its Data Breach Notification Requirements

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an amendment to the Personal Information Protection Act (PIPA), SB 1624, effective January 1, 2020. PIPA will now require that most “data collectors,” which includes … Continue Reading

Expansion of Technology at K-12 Schools Comes with Data Security Risks for Students and Parents

A new school year is upon us and some students are already back at school. Upon their return, many students may experience new technologies and equipment rolled out by their schools districts, such as online education resources, district-provided equipment, etc. to enhance the education they provide and improve district administration. However, a recent report, “The State … Continue Reading

New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident

On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing the Department of a potential cybersecurity incident. The updated protocol is considered effective immediately from a … Continue Reading

Licensed by Your State’s Insurance Commissioner? Comprehensive Data Security Requirements Are Headed Your Way

Most businesses in the insurance industry have one thing in common – they collect and maintain significant amounts of sensitive, nonpublic information including personal information. Not surprisingly, insurance-related businesses are a target of cyberattacks and a few have faced some of the largest data breaches reported to date. Beyond the headlines, however, small and mid-sized … Continue Reading

New York Enacts the SHIELD Act

On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which amends the State’s current data breach notification law, imposes more expansive data security and data breach notification requirements on companies, in … Continue Reading

Illinois’ Attorney General Wants to Know About Data Breaches

Possibly adding to the list of states that have updated their privacy and breach notification laws this year, the Illinois legislature passed Senate Bill 1624 which would update the state’s current breach notification law to require most “data collectors,” which includes entities that, for any purpose, handle, collect, disseminate, or otherwise deal with nonpublic personal information, to notify … Continue Reading

Oregon Amends Data Breach Notification Law to Include Vendor Obligations; Expanded Definition of Personal Information

As we recently noted, Washington state amended its data breach notification law on May 7 to expand the definition of “personal information” and shorten the notification deadline (among other changes). Not to be outdone by its sister state to the north, Oregon followed suit shortly thereafter—Senate Bill 684 passed unanimously in both legislative bodies on … Continue Reading

Sweeping Privacy Changes Stall in the Lone Star State

Per our earlier blog post, Texas was ambitious this legislative session when it proposed two consumer data privacy bills. Both bills made it through committee hearings, but only one made it to the governor’s desk for signature: HB 4390. However, even it arrived there very different than originally drafted. HB 4390, dubbed the Texas Privacy … Continue Reading

Washington Overhauls its Data Breach Notification Law

As we noted last month, Washington’s efforts to follow California’s lead in passing its own GDPR-like law have stalled after the bill failed to make its way through the state’s House of Representatives—despite overwhelming approval in the Senate (where it passed 46-1).  That bill’s sponsor has promised to revisit the issue during the 2020 legislative … Continue Reading

New Jersey’s Data Breach Notification Amendment Signed into Law

On May 10, Governor Phil Murphy signed into law P.L.2019, c.95. an amendment enhancing New Jersey’s data breach notification law by expanding the definition of personal information, and updating notification requirements. As we previously reported, the amendment was unanimously approved by the New Jersey General Assembly and Senate in late February. New Jersey’s data breach notification law … Continue Reading

California’s “Your Data, Your Way” Initiative

California keeps making privacy headlines for its trailblazing California Consumer Privacy Act (“CCPA”), set to take effect January 1, 2020, but there is another set of privacy bills making its way through the California state legislature, that, if passed, will provide consumers with further privacy protections. The “Your Data Your Way” initiative, comprised of four … Continue Reading
LexBlog