A New York law, effective December 12, 2012, prohibits businesses and other entities from requiring individuals to disclose or furnish their Social Security Numbers for any purpose, subject to certain exceptions.
Continue Reading New York Tightens Protections on Social Security Numbers
Lawful Access and Improper Use of Computer Data Does Not Violate the CFAA
The Fourth Circuit recently held that the Consumer Fraud and Abuse Act’s (“CFAA”) prohibitions against unauthorized access or access in excess of authorization were not violated by an employee when the employee used his valid access to employer’s computer network to download confidential business information that he later used while working for a competitor.
Prior
Stolen Flash Drive Leads to Another HIPAA Data Breach
Burglary at hospital employee’s home results in stolen flash drive and HIPAA data breach
Continue Reading Stolen Flash Drive Leads to Another HIPAA Data Breach
Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Notice to Connecticut Attorney General now required following data breaches affecting state residents.
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Vermont Becomes Eighth State to Limit Access and Use By Employers of Credit Information
Effective July 1, 2012, Vermont joins California, Connecticut, Hawaii, Illinois, Maryland, Oregon, and Washington as jurisdictions that restrict an employer’s right to obtain and use credit information for making employment decisions. Similar legislation is pending in many other jurisdictions. Click here for more information about the Vermont law.
Vermont Strengthens Data Breach Notification Requirements
14-day Attorney General notice and other amendments to Vermont’s Security Breach Notice Act further complicate data breach response.
Continue Reading Vermont Strengthens Data Breach Notification Requirements
Massachusetts Company Fined $15,000 Under State’s Data Security Law
The Massachusetts AG’s enforcement of its data security law demonstrates that it does not take lightly the loss of Massachusetts residents’ personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come.
Continue Reading Massachusetts Company Fined $15,000 Under State’s Data Security Law
Jackson Lewis White Paper Addresses Legal Risks Stemming From Occupational Health Nurses and On-site Health Clinics
Read Jackson Lewis’ white paper addressing legal risks stemming from occupational health nurses and on-site health clinics
Continue Reading Jackson Lewis White Paper Addresses Legal Risks Stemming From Occupational Health Nurses and On-site Health Clinics
Debt Collection Agency Sued by Minnesota Attorney General Over Privacy Breach and Other Concerns
Like any business that handles personal information, debt collection agencies have obligations to maintain reasonable safeguards to protect that information. Recent enforcement activity by the Minnesota Attorney General’s office makes this clear. The banks, health care providers and other businesses that utilize collection services are also driving compliance as they demand these companies have
Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012
Massachusetts service provider contract deadline – March 1, 2012 – should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.
Continue Reading Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012