Data Security

Subscribe to Data Security via RSS

We’ve written extensively here on the importance of safeguarding personal information. We’ve also made clear that the safeguarding of data should not stop with individually identifiable personal information. In fact, many times a company’s most sensitive information, data critical to the survival of its business, is its corporate trade secrets, proprietary information, and its clients’

What had been the first use of the enforcement authority under the HIPAA privacy regulations granted to a State Attorney General, has ended in a settlement agreement between Connecticut’s Insurance Department and Health Net of Connecticut. Under the agreement, Health Net will pay $375,000 in penalties, and it agreed to provide credit monitoring protection for 2 years to all affected persons in Connecticut

In March 2010, we reported on a decision by the U.S. District Court for the District of New Jersey that allowed an employee’s retaliation claim to proceed to trial under the New Jersey Conscientious Employee Protection Act (“CEPA”) on the ground that he was engaged in protected whistle blowing activity – voicing concerns regarding his employer’s

Federal contractors are subject to numerous requirements under federal law and, as we have previously highlighted here, need to keep pace with changes in law and regulation. 

Under the Federal Information Security Management Act of 2002 (FISMA) each federal agency is required to develop, document, and implement an agency-wide program to provide information security

In another favorable decision for companies, the Maine Supreme Court ruled on September 21, 2010 that consumers affected by a data breach could not claim damages from the company unless they suffered uncompensated financial losses or some other tangible injury. 

The Maine Supreme Court addressed the following:

In the absence of physical harm or economic loss

A UK law firm may find itself subject to significant penalties following reports of a data breach affecting thousands of people.  The recent 2010 ABA Annual Meeting in San Francisco devoted two sessions to the topic, specifically dealing with “cloud computing,” and the risks and ethical issues it raises for law firms. As data privacy and security risks

Beginning March 1, 2010, businesses will be required to safeguard from identity theft and other dangers personal information about Massachusetts residents under a “written information security program” or WISP. Similar requirements exist in other states around the country, although those requirements generally are not as comprehensive as those becoming effective in the Bay state.

The most frequent question we hear from clients who want to develop or tighten their data privacy and security policies and procedures: Where do we start?

In most cases, the first step for the group charged with this task is to understand the organization’s "information risk." This means, in short, examining what information the company has

On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any "information security incident." This post provides a brief summary of this new requirement.

Who must provide the notice?

The Bulletin applies to all licensees and registrants of the Department. This generally means all entities