The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s email … Continue Reading
Not to be outdone by the recent attention to biometric information in Illinois, and the Prairie State’s Biometric Information Privacy Act (BIPA), Washington enacted a biometric data protection statute of its own, HB 1493, which became effective July 23, 2017. What it notable about Washington’s new biometric information law? It prohibits “persons” from “enrolling” “biometric … Continue Reading
As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also … Continue Reading
On May 11, 2017 – after weeks of anticipation – the White House released an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. There could not be better timing with a global cyberattack unleashing ransomware against governments and companies in nearly 100 countries around the globe. This newly released Executive Order … Continue Reading
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states. Importantly, the definition of personal … Continue Reading
As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of its … Continue Reading
On February 2, 2017, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. The scam, which targets the corporate world during tax season, is currently “spreading to other sectors, including school districts, tribal organizations and nonprofits.” (irs.gov/news-events). This cyber-scam is simple, but highly successful. It consists of … Continue Reading
New York State Attorney General Eric T. Schneiderman announced a settlement with Acer Service Corporation (a Taiwanese computer manufacturer) relating to the NYSAG’s investigation of a breach of Acer’s data. The data breach, first reported in June, 2016, involved data for over 35,000 customers throughout the United States, Canada and Puerto Rico, including 2,250 customers … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading
A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which could have … Continue Reading
It has been reported that infamous bank robber, Slick Willie Sutton, once said, “I rob banks because that’s where the money is.” Data thieves, understandably, have a similar strategy – go where the data is. The retail industry knows this as it has been a popular target for payment card data. The healthcare and certain … Continue Reading
The U.S. Department of Homeland Security (DHS) has designed October as National Cyber Security Awareness Month. But as we leave October, remember that data security is an ongoing challenge that requires continued vigilance not just from information system hacking, but also from employee error and other threats. Setting up a comprehensive training and awareness program is … Continue Reading
Fortune.com reported that according to an International Data Corporation (IDC) forecast, by 2020, spending on security-related hardware, software, and services will eclipse $100 billion. However, consulting company NTT Com Security recently surveyed 1,000 executives and found only about half of them reported having a formal plan to respond to a data breach. Franklin wisely noted … Continue Reading
For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules, but just after a period “soft” enforcement and compliance assistance. That period appears to be ending. During the first seven months … Continue Reading
While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms. This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks of … Continue Reading
Last month, Illinois Governor Bruce Rauner signed into law a number of amendments to the State’s Personal Information Protection Act (“PIPA”) that expand the definition of protected personal information and increase certain data breach notification requirements. The amendments, highlighted below, take effect January 1, 2017. Currently, “personal information” is limited to an individual’s first name … Continue Reading
On April 13, 2016, Nebraska’s breach notification statute was amended when Governor Pete Ricketts signed LB835 into law. The Amendment included a variety of changes, including a regulator notification requirement and broadens the definition of “personal information” in the state data breach notification statute, Neb. Rev. Stat. §87-802 – 87-804. These amendments become effective on … Continue Reading
On April 20, 2016, a class action lawsuit was filed in the United States District Court, Southern District of California against Sprouts Farmers Market, Inc. The lawsuit was initiated by a former employee whose W-2 was allegedly disclosed as part of a phishing scam that occurred in late March 2016 amid reports that Sprouts’ employees … Continue Reading
On March 24, 2016, Tennessee’s breach notification statute was amended when Governor Bill Haslam signed into law S.B. 2005. Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement). Previously, and like the vast majority of … Continue Reading
Each year at the beginning of tax season, the IRS releases the “Dirty Dozen,” a list of twelve tax scams to be mindful of when individuals are filing their taxes. This list is something to consider sharing with colleagues or friends within your organization. The first member of the 2016 Dirty Dozen is identity theft. Tax-related … Continue Reading
President Barack Obama requested $19 billion in his budget for 2017 to address cybersecurity in the United States, $5 billion more than was budgeted for the current year. Today, he issued an Executive Order that will create a commission within the Department of Commerce to be known as the “Commission on Enhancing National Cybersecurity.” So, … Continue Reading
Earlier this year, we reported that the Internal Revenue Service clarified that it would not consider the value of credit monitoring and other identity protection services provided by employers to employees in connection with a data breach to be taxable income to the employees. IRS Announcement 2015-22. In response to comments, the IRS expanded this … Continue Reading
Are pundits discussing the personal information allegedly accessed by a campaign staffer for Bernie Sanders? No, not really, and that is the point. Scheduled to debate tonight at St. Anselm College in Manchester, New Hampshire, Democratic presidential candidates Bernie Sanders and Hillary Clinton are almost certain to joust over an alleged intrusion into Clinton’s voter … Continue Reading
When people think about data breaches, they tend think more about the illegal hacking into computer networks by individuals, criminal enterprises or even nation states, than they do about simple employee error. This makes some sense as hacking incidents seem to be more interesting and draw more media attention. Holding this belief, however, can cause … Continue Reading
