The New York State Assembly Committee on Banks held a public hearing on December 19, 2016, receiving testimony about both the benefits and challenges of a recently proposed regulation to address the growing threat posed by cyber-attacks on banks, insurance companies and most other entities which are regulated by the Department of Financial Services (DFS). The … Continue Reading
It has been reported that infamous bank robber, Slick Willie Sutton, once said, “I rob banks because that’s where the money is.” Data thieves, understandably, have a similar strategy – go where the data is. The retail industry knows this as it has been a popular target for payment card data. The healthcare and certain … Continue Reading
In an election year that has divided much of the country, we are providing you with a clear and simple choice this voting cycle. To this end, we are proud to announce that the Workplace Privacy Report Has Been Nominated for The Expert Institute’s Best Legal Blog Competition. From a field of hundreds of potential nominees, … Continue Reading
The folks over at Politico are reporting that the Senate Judiciary Committee struck a deal Wednesday night regarding the Judicial Redress Act. The committee adopted Senator John Cornyn’s amendment that ties the bill’s privacy protections to the proposed new Safe Harbor Agreement being negotiated between the U.S. and the EU. The Judicial Redress Bill attempts … Continue Reading
Bloomberg BNA is reporting that the EU hopes to reach a Safe Harbor deal with the U.S. on Monday, February 1, 2016. Speaking at the Computers, Privacy and Data Protection Conference in Brussels, Paul F. Nemitz, Director for Fundamental Rights and Union Citizenship at the Directorate-General Justice of the European Commission said, “[w]e hope to be … Continue Reading
Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that for breaches of certain personal information covered business must provide one year of free identity-theft protection for affected persons. So, beginning October 1, 2015, … Continue Reading
News reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk rests with an organization’s workforce members. An organization’s information … Continue Reading
The Federal Communications Commission (FCC) is continuing its efforts to clarify the Telephone Consumer Protection Act (TCPA) and its requirements. To this end, the FCC is seeking comments by tomorrow, January 13, 2015, on eleven petitions seeking waiver of the FCC’s rule on opt-out notices on fax advertisements to recipients who have provided prior express invitation or permission. Specifically, … Continue Reading
As we reported, state Attorneys General have authority to enforce the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), pursuant to the authority granted under the Health Information Technology for Clinical and Economic Health (HITECH) Act. Shortly after announcing plans to seek legislation requiring stronger protections for personal and financial … Continue Reading
Data security is too often synonymous with the loss of consumer financial information. A recent report by a cybersecurity research firm reminds us, however, that a data breach can have an impact far beyond consumer privacy concerns. On December 1, 2014, FireEye Inc. announced that a group called “FIN4” was duping executives, lawyers, and financial … Continue Reading
The FTC recently settled a charge with True Ultimate Standards Everywhere, Inc. (“TRUSTe”) alleging that the internet privacy certification company deceived consumers about its recertification program, as well as misrepresented itself as a non-profit entity when, in fact, it had converted to a for-profit company. TRUSTe is a well-known internet privacy watchdog. Its seal is … Continue Reading
One of the most complex issues under the Telephone Consumer Protection Act (TCPA) is determining whether the technology utilized qualifies as an “automatic telephone dialing system” (ATDS) or “autodialer.” The TCPA prohibits using an ATDS to make calls to cell phone numbers, absent prior consent of the called party. An ATDS is generally define as … Continue Reading
Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges. In this case, after the patient advised the provider not to disclose her PHI to her significant other, the provider received a … Continue Reading
Most employers are well aware that potential liability lurks if unauthorized information is disclosed to third parties. Obvious examples would include unauthorized employee or applicant health or financial information or personal information such as social security numbers and the like. In an interesting twist, the Minnesota Supreme Court considered whether liability could be created when … Continue Reading
An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro Image Consultants Group, LLC, … Continue Reading
While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by … Continue Reading
On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already … Continue Reading
Two recent surveys provide some detailed analysis of cybersecurity and its impact in today’s world. The Global State of Information Security Survey 2015, conducted by PricewaterhouseCoopers LLP (PWC), found a 48% increase in the number of security incidents detected from 2013. PWC surveyed more than 9,700 security, information technology and business executives found a total … Continue Reading
The Internal Revenue Service issued a fraud alert for international financial institutions complying with the Foreign Account Tax Compliance Act (FATCA). According to the report, scam artists posing as the IRS – through attacks known as “phishing attacks” – have fraudulently solicited financial institutions seeking account holder identity and financial account information. Financial institutions regularly … Continue Reading
The National Labor Relations Board has found that another employer (a non-union employer) violated its employees’ protected concerted activity rights under the National Labor Relations Act (NLRA) when it disciplined and fired them for certain social media activity. Our Labor Group provides an extensive analysis of this decision in Triple Play Sports Bar and Grille, 361 NLRB No. 31 … Continue Reading
As we reported earlier, Florida lawmakers passed extensive revisions to its existing data breach notification law, SB 1524. On June 20, 2014, Florida’s Governor Rick Scott signed the bill into law, which becomes effective on July 1, 2014. Our earlier post provides more of a discussion about key provisions of the law. But here are a … Continue Reading
Add Oklahoma to the list of states prohibiting employers from requesting or demanding access to the personal social media accounts of employees or applicants. Signed into law by Gov. Mary Fallin, H.B. 2372 becomes effective November 1, 2014. In addition to being prohibited from requesting or demanding usernames or passwords from employees or applicants to their … Continue Reading
Effective January 1, 2015, Tennessee employers, including government entities, will be prohibited from requesting or requiring access to the private social networking or online accounts of employees and job applicants under the Volunteer State’s “Employee Online Privacy Act of 2014,” signed by Governor Bill Haslam. Our Tennessee colleagues outline the key provisions of the law, including some of … Continue Reading
Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly. Data Breach Notification Mandate The Kentucky law follows the same general structure of … Continue Reading
