Last February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. The scam, which targets businesses during tax season, was also “spreading to other sectors, including school districts, tribal organizations and nonprofits.” In August 2017, the IRS renewed its warning to tax professionals and businesses as part of … Continue Reading
A data breach occurs in which an outside individual obtains your company’s employees’ W-2 forms including social security numbers, addresses, and salary information. As a result, your company notifies all affected employees, explains what occurred, and offers a complimentary two-year membership to a service that helps detect misuse of personal information. Is your company liable … Continue Reading
As reported on our Global Immigration Blog, the U.S. Citizenship and Immigration Services (USCIS) has issued a notice regarding scam email requests for I-9 information. According to USCIS, employers have received scam emails that appear to come from USCIS. These scam emails come from a fraudulent email address (news@uscis.gov) and the body of the email may contain USCIS and … Continue Reading
On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of their personal information. “It’s clear that New York’s … Continue Reading
We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition. From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today. If you enjoy the Workplace … Continue Reading
After hearing a lot lately about big companies suffering data breaches, it is important to remember that, according to inc.com, half of all cyberattacks target small to mid-sized businesses (SMBs). Based on a 2016 State of SMB Cybersecurity Report, CNBC reported that in the prior 12 months half of all SMBs in the U.S. had been hacked. … Continue Reading
The effects of hurricanes like Harvey and the approaching Irma should be a reminder to all businesses of the importance of disaster recovery planning. When a storm approaches, a business’s first concern is how to protect its employees and physical property. However, we shouldn’t forget that a natural disaster can also destroy a business’s information and technology … Continue Reading
Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018). Delaware maintains the state law trend of requiring businesses … Continue Reading
The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s email … Continue Reading
Not to be outdone by the recent attention to biometric information in Illinois, and the Prairie State’s Biometric Information Privacy Act (BIPA), Washington enacted a biometric data protection statute of its own, HB 1493, which became effective July 23, 2017. What it notable about Washington’s new biometric information law? It prohibits “persons” from “enrolling” “biometric … Continue Reading
As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also … Continue Reading
On May 11, 2017 – after weeks of anticipation – the White House released an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. There could not be better timing with a global cyberattack unleashing ransomware against governments and companies in nearly 100 countries around the globe. This newly released Executive Order … Continue Reading
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states. Importantly, the definition of personal … Continue Reading
As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of its … Continue Reading
On February 2, 2017, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. The scam, which targets the corporate world during tax season, is currently “spreading to other sectors, including school districts, tribal organizations and nonprofits.” (irs.gov/news-events). This cyber-scam is simple, but highly successful. It consists of … Continue Reading
New York State Attorney General Eric T. Schneiderman announced a settlement with Acer Service Corporation (a Taiwanese computer manufacturer) relating to the NYSAG’s investigation of a breach of Acer’s data. The data breach, first reported in June, 2016, involved data for over 35,000 customers throughout the United States, Canada and Puerto Rico, including 2,250 customers … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading
A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which could have … Continue Reading
It has been reported that infamous bank robber, Slick Willie Sutton, once said, “I rob banks because that’s where the money is.” Data thieves, understandably, have a similar strategy – go where the data is. The retail industry knows this as it has been a popular target for payment card data. The healthcare and certain … Continue Reading
The U.S. Department of Homeland Security (DHS) has designed October as National Cyber Security Awareness Month. But as we leave October, remember that data security is an ongoing challenge that requires continued vigilance not just from information system hacking, but also from employee error and other threats. Setting up a comprehensive training and awareness program is … Continue Reading
Fortune.com reported that according to an International Data Corporation (IDC) forecast, by 2020, spending on security-related hardware, software, and services will eclipse $100 billion. However, consulting company NTT Com Security recently surveyed 1,000 executives and found only about half of them reported having a formal plan to respond to a data breach. Franklin wisely noted … Continue Reading
For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules, but just after a period “soft” enforcement and compliance assistance. That period appears to be ending. During the first seven months … Continue Reading
While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms. This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks of … Continue Reading
Last month, Illinois Governor Bruce Rauner signed into law a number of amendments to the State’s Personal Information Protection Act (“PIPA”) that expand the definition of protected personal information and increase certain data breach notification requirements. The amendments, highlighted below, take effect January 1, 2017. Currently, “personal information” is limited to an individual’s first name … Continue Reading
